beads-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists of operational guidelines for a repository-based issue tracker. All commands and integration patterns align with the tool's intended purpose of facilitating multi-agent coordination.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run bd commands. These commands manage issue metadata and sync state with Git remotes, posing no risk of unauthorized system access or arbitrary code execution.
- [PROMPT_INJECTION]: The skill processes external data from issue descriptions and comments, which presents a surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the agent context through bd show and bd list commands in SKILL.md.
- Boundary markers: The instructions do not specify any delimiters or safety warnings for processing issue text.
- Capability inventory: The agent has access to the Bash CLI and GitHub MCP tools.
- Sanitization: No input validation or escaping mechanisms are mentioned for the processed data.
Audit Metadata