beads-implement
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the execution of the 'bd' (Beads) CLI utility for its core functionality. It uses 'bd prime', 'bd show', 'bd update', and 'bd sync' to manage workflow states and retrieve information.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through task data it processes.
  - Ingestion points: The agent reads titles, descriptions, and acceptance criteria from 'bd show ' output in SKILL.md.
  - Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings are defined for the task content.
  - Capability inventory: The agent can modify the local file system, execute CLI commands, perform git commits, and spawn sub-agents.
  - Sanitization: There is no mention of sanitizing or validating the content retrieved from the tool before processing.
Audit Metadata