beads-create

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interacts with the bd CLI tool to create epics and issues based on user-provided plans.
  • [DATA_EXPOSURE]: References a hardcoded absolute file path in the author's local development environment (/Users/btraut/Development/skills-external/beads/SKILL.md). While this points to a specific user's directory, it is used to load additional guidance for the tool.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external, untrusted documents such as PRDs, OpenSpecs, and design docs to generate issues, which could contain instructions meant to influence the agent's behavior.
      • Ingestion points: External plans, specs, PRDs, and design documents (SKILL.md).
      • Boundary markers: None present; the agent is instructed to translate the plan directly into the Beads structure.
      • Capability inventory: The skill uses the bd CLI to create project hierarchies, epics, and tasks (SKILL.md).
      • Sanitization: There is no mention of sanitizing or escaping the content of the external plans before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 10:42 PM