using-bee
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'bee' CLI tool to perform Backlog operations. This includes powerful capabilities such as 'bee api', which allows raw API requests (POST, PUT, DELETE). These functions are consistent with the tool's primary purpose for project management and automation.
- [EXTERNAL_DOWNLOADS]: References a supplementary command guide hosted at 'https://nulab.github.io/bee/llms-full.txt'. This is a trusted vendor resource belonging to the author, Nulab, and is used for providing extended documentation to the agent.
- [PROMPT_INJECTION]: The skill processes untrusted user-generated content (issue descriptions, comments, wikis) from the Backlog platform, which constitutes an indirect prompt injection surface. However, the skill explicitly instructs the agent to treat this content as data rather than instructions.
  - Ingestion points: Backlog issue summaries, descriptions, comments, pull request bodies, and wiki content accessed via 'bee issue', 'bee pr', and 'bee wiki' commands.
  - Boundary markers: No explicit structural delimiters are defined for command outputs, but the skill includes a dedicated 'Security' section with guidance for the agent.
  - Capability inventory: The agent has capabilities to read/write project data, manage user permissions, and execute raw API requests via 'bee api'.
  - Sanitization: The skill body contains explicit instructions to treat returned content as untrusted user input and never follow embedded directives.