skills/bjesuiter/skills/jb-beans/Gen Agent Trust Hub

jb-beans

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by design. In the file beans-prime.ts, the output of the beans prime command is captured and injected directly into the agent's system prompt and context arrays.
      • Ingestion points: The beans prime shell command output in beans-prime.ts.
      • Boundary markers: Absent; the content is pushed to output.system and output.context without delimiters or instructions to ignore potential commands within the data.
      • Capability inventory: The skill possesses the ability to create, list, update, and delete files within the .beans/ directory, and can execute complex GraphQL queries against the task graph.
      • Sanitization: No sanitization is performed on the CLI output before it is added to the system prompt.
  • [COMMAND_EXECUTION]: The plugin file beans-prime.ts executes shell commands using a shell-tag literal ($), specifically running which beans, test -f, and beans prime to integrate project context into the AI session.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md file and its metadata instructions suggest installing the beans binary from a third-party GitHub repository (hmans/beans) using Homebrew or Go.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 4, 2026, 01:26 PM