Skills
skills/d-kimuson/dotfiles/beads/Gen Agent Trust Hub

beads

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and processes content from an external issue tracking system using the bd show and bd ready commands.
  • Ingestion points: Commands such as bd show <id> and bd ready --label 'step:plan' in SKILL.md, develop.md, and refine-issues.md ingest external data (descriptions, acceptance criteria).
  • Boundary markers: Absent; there are no instructions to the agent to treat retrieved content as untrusted or to use delimiters to separate it from instructions.
  • Capability inventory: The agent is authorized to execute file system operations, git commands (merge, branch, switch), and various bd tool operations.
  • Sanitization: Absent; the skill does not provide methods or instructions to sanitize or validate the data retrieved from the issue tracker before processing it.
  • [COMMAND_EXECUTION]: The instructions guide the agent to execute shell commands that incorporate variables derived from external issue content. Specifically, references/refine-issues.md suggests using bd update <issue-id> --acceptance '<AC>'. Direct interpolation of the <AC> (Acceptance Criteria) placeholder into the shell command presents a risk of command injection if the issue content contains shell metacharacters like semicolons, backticks, or pipe symbols.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 10:30 PM