tracking
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- Data Exposure & Exfiltration (LOW): The skill includes 'git push' and 'bd sync' commands that transmit task metadata and progress notes to external Git repositories as part of its synchronization protocol.
- Indirect Prompt Injection (LOW): The skill ingests untrusted text into task titles and notes which are stored persistently. Evidence: 1. Ingestion points: 'bd create' and 'bd update' commands. 2. Boundary markers: No delimiters or ignore instructions are present in the provided examples. 3. Capability inventory: Executes CLI commands (bd, git). 4. Sanitization: No sanitization or validation logic is described in the documentation.
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill depends on a pre-installed 'bd' (Beads) CLI tool. While it does not download code at runtime, the core logic relies on an external executable that is not part of the skill's own source files.
Audit Metadata