Skills
skills/richardanaya/agent-skills/bd-what-to-work-on-next/Gen Agent Trust Hub

bd-what-to-work-on-next

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill relies on the execution of a third-party CLI tool named 'bd'. While the instructions use hardcoded subcommands (e.g., 'bd ready', 'bd status'), the safety of the tool itself is unverifiable from the skill content. It assumes the tool is present and benign in the execution environment.
  • [PROMPT_INJECTION] (MEDIUM): The skill is susceptible to Indirect Prompt Injection (Category 8). It processes external content from a repository file which can be modified by any contributor.
  • Ingestion points: Content is retrieved from .beads/issues.jsonl through various bd commands like bd search and bd list.
  • Boundary markers: Absent. There are no instructions or delimiters used to separate untrusted issue data from the agent's internal reasoning or system instructions.
  • Capability inventory: The agent uses the retrieved data to perform searches, visualize dependency graphs, and generate work recommendations ('Decision Framework').
  • Sanitization: Absent. The skill does not implement any filtering or sanitization of the issue content before the agent analyzes it, allowing malicious instructions embedded in issue trackers to potentially influence agent behavior.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 05:30 AM