beads
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes the 'bd' CLI and standard Unix utilities ('git', 'grep', 'rm', 'mv'). While these are functional requirements for issue tracking, they allow for significant file system and network (via git) interaction.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests data from '.beads/issues.jsonl' using the 'bd show' command. If this data is sourced from an untrusted Git repository, it could contain malicious instructions designed to influence the agent's behavior.
  - Ingestion points: 'bd show ' reads content from '.beads/issues.jsonl' (SKILL.md).
  - Boundary markers: Absent; instructions do not specify delimiters or 'ignore embedded instructions' warnings for issue content.
  - Capability inventory: 'bd' commands (create, update, close, sync), 'git' operations (add, commit, push), and shell utilities ('rm', 'mv', 'grep') as documented in ANTI_PATTERNS.md.
  - Sanitization: Absent; the skill does not include instructions for filtering or validating external issue text.
- [EXTERNAL_DOWNLOADS] (SAFE): Documentation suggests installing the 'bd' CLI via 'brew install bd'. This is presented as a prerequisite for humans or environment setup rather than an automated runtime download by the agent.
Audit Metadata