Skills
NYC
skills/johnlindquist/claude/beads/Gen Agent Trust Hub

beads

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill ingests untrusted data (titles, descriptions, notes) from an external tracker via bd ready, bd list, and bd show. Evidence: 1. Ingestion points: SKILL.md usage of bd ready, bd list. 2. Boundary markers: Absent. 3. Capability inventory: bd create, bd update, bd sync, bd hooks install. 4. Sanitization: Absent. Malicious instructions in the tracker could lead to unauthorized actions.\n- [Unverifiable Dependencies] (MEDIUM): The skill requires the beads CLI, installed via cargo install. This is an untrusted third-party package outside of any defined trust scope.\n- [Persistence Mechanisms] (HIGH): The command bd hooks install modifies git hooks in the repository. This allows for persistent arbitrary code execution during normal git operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 10:29 PM