
beads-create

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess calls to execute commands for the bd (classic Beads) and br (beads_rust) trackers, including create, update, sync, and dep cycle checks.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted user-provided documentation to generate issue tracker entries.
  • Ingestion points: External plans, specs, PRDs, and design documents are ingested as part of the translation process in SKILL.md (Steps 3-5).
  • Boundary markers: The skill does not define specific boundary markers or delimiters to separate untrusted source text from instructions.
  • Capability inventory: The skill has the capability to execute shell commands (bd and br CLIs) and modify local tracker state as documented in SKILL.md (Steps 2, 5, 6, and 8).
  • Sanitization: No sanitization or validation of the input text is performed before it is used to populate issue titles, descriptions, and acceptance criteria.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 12:35 AM