beads
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell command execution to interact with the
bdCLI and git for issue management, state updates, and repository synchronization. It also includes a validation script (scripts/validate.sh) for checking skill structure. These operations are performed within the scope of the skill's documented task management purpose.\n- [EXTERNAL_DOWNLOADS]: The skill requires thebdCLI tool (v0.34.0+) to be installed. Documentation directs users to well-known and recognized services for installation, specifically Homebrew (brew install bd) and NPM (@beads/cli).\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from an external database.\n - Ingestion points: Issue descriptions, notes, and titles retrieved from the beads database via
bd show,bd ready, and.beads/issues.jsonl.\n - Boundary markers: Not implemented; instructions guide the agent to treat the
bdoutput as authoritative context.\n - Capability inventory: The skill provides access to shell command execution (
bd,git,rm) and file system writes.\n - Sanitization: No sanitization or content validation is performed on the data retrieved from the tracker.
Audit Metadata