beo-execute
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes verification commands defined in bead descriptions or provided as part of approved execution sets as defined in Step 13 of the execution operations appendix. This is a fundamental feature of the skill's workflow to ensure code quality after implementation.
- [EXTERNAL_DOWNLOADS]: The skill utilizes the beads-cli tool (br) to synchronize state with a remote bead registry through commands like 'br sync'. This operation is the intended mechanism for maintaining consistent project state across environments.
- [PROMPT_INJECTION]: The skill processes external data in the form of bead descriptions and state files, which presents a surface for indirect prompt injection. However, it implements a robust integrity and safety chain:
  - Ingestion points: Bead descriptions and verification commands are read from 'STATE.json', 'readiness-record.json', and 'approval-record.json'.
  - Boundary markers: The skill operates on structured data files and requires explicit approval records rather than relying on unparsed text blocks.
  - Capability inventory: The skill is authorized to perform file writes within approved scopes and to execute shell commands for verification via the 'br' tool.
  - Sanitization: A critical safety gate is the mandatory hash verification of 'PLAN.md' and 'CONTEXT.md' against 'approval-record.json' before any file mutation is permitted, ensuring that the executed commands match the previously approved plan.
Audit Metadata