br
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of several CLI tools, including
br(beads_rust),bv(beads viewer),git,jq, andpgrep. These tools are used for initializing workspaces, managing the issue life cycle, and synchronizing data via Git repositories. - [REMOTE_CODE_EXECUTION]: The
br upgradecommand allows the tool to perform a self-update by downloading and executing new binary versions from a remote source. While common for CLI tools, it represents a mechanism for remote code update and execution. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it reads and processes external data from issues (titles, descriptions, comments).
- Ingestion points: Data enters the agent context via commands like
br show <id> --json,br list --json, andbr search "keyword" --json(SKILL.md, references/COMMANDS.md). - Boundary markers: The documentation emphasizes the use of structured output formats like
--jsonto aid parsing, but it does not specify explicit boundary markers or instructions to ignore potential commands embedded within the issue data. - Capability inventory: The agent has the capability to execute shell commands (
br,git), modify local files in the.beads/directory, and perform Git-based network operations (git push,git pull). - Sanitization: There is no evidence of sanitization or filtering of the content within the issue fields before it is processed by the agent.
Audit Metadata