skills/dicklesworthstone/agent_flywheel_clawdbot_skills_and_integrations/beads-workflow/Gen Agent Trust Hub
beads-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed around the use of the bd (Beads CLI) and bv (Beads Viewer) tools. These tools are used for initializing task structures, creating beads, managing dependencies, and providing triage insights. These are considered vendor resources associated with the author dicklesworthstone.
- [PROMPT_INJECTION]: The workflow relies on reading external markdown files (e.g., project plans and architecture docs) and instructing the AI to elaborately convert their content into executable tasks. This presents an indirect prompt injection surface where instructions embedded in project files could influence agent behavior.
  - Ingestion points: The skill explicitly reads files such as PLAN_TO_CREATE_GH_PAGES_WEB_EXPORT_APP.md, AGENTS.md, and README.md.
  - Boundary markers: Absent. The prompts instruct the agent to "read ALL" of the files and ensure "EVERYTHING from the markdown plan be embedded into the beads," without using delimiters or warnings to ignore potentially malicious embedded instructions.
  - Capability inventory: The agent has the capability to execute shell commands via the bd and bv tools, reserve file system paths, and send messages via a messaging system.
  - Sanitization: No sanitization, filtering, or validation of the ingested markdown content is performed before it is processed by the AI.
Audit Metadata