bd-modify-product-description-and-tasks

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill's core function is to read and process external content from the 'bd' issue tracker (stored in .beads/issues.jsonl).
      • Ingestion points: bd show <issue-id>, bd create --file <path>, and the .beads/issues.jsonl file itself.
      • Boundary markers: None are specified in the instructions to help the agent distinguish between issue data and instructions.
      • Capability inventory: The skill allows for local command execution via the bd CLI tool and modification of project files.
      • Sanitization: No sanitization or validation logic is present to filter malicious prompts embedded in issue fields.
  • [Command Execution] (MEDIUM): The skill relies on the execution of the bd CLI tool. While the commands used are specific (e.g., bd create), the tool itself is an unverified dependency that must be pre-installed on the host system, and the agent's interaction with it provides a surface for potential command injection if parameters are not correctly escaped by the underlying execution environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:44 AM