beads-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection by reading and processing external markdown plans to create task structures. Ingestion points: Reads user-provided files such as YOUR_PLAN_FILE.md and AGENTS.md (found in references/plan-to-beads.md). Boundary markers: The prompts lack strong delimiters or explicit instructions to ignore embedded commands. Capability inventory: Uses the bd tool for task modification and send_message for communication. Sanitization: No explicit sanitization or validation is performed on the input markdown content.
- [COMMAND_EXECUTION]: The skill utilizes the bd and bv CLI tools for task initialization, creation, and graph analysis. These are vendor-owned resources (oakoss) and operate within the expected scope of the workflow. Example commands include bd init, bd create, and bv --robot-insights as documented in references/agent-integration.md.
Audit Metadata