beads
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'bd' (Beads) command-line tool for managing issue tracking and project memory. Allowed operations are scoped specifically to the 'bd' binary within the SKILL.md configuration, preventing arbitrary command execution.
- [PROMPT_INJECTION]: The skill has a standard indirect prompt injection surface typical for data-processing tools.
  - Ingestion points: The agent reads issue descriptions, notes, and metadata from the local '.beads/' directory via commands like 'bd show', 'bd ready', and 'bd list' (SKILL.md).
  - Boundary markers: Neither the documentation nor the skill files provide explicit delimiters around issue text or specific instructions to ignore commands embedded in it.
  - Capability inventory: The agent has permissions to read/write issues and sync them via Git, which involves network communication with configured remotes (resources/CLI_REFERENCE.md).
  - Sanitization: The skill does not implement specific sanitization of the issue content before it is ingested into the agent's context.
- [SAFE]: The skill's architecture relies on local, git-backed storage for persistence. All documented workflows, including the use of 'Molecules' and 'Wisps' for ephemeral tasks, align with the legitimate purpose of long-term project management and session recovery.
Audit Metadata