beads
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides structured documentation and operational best practices for the 'bd' (beads) CLI tool, which is a git-backed issue tracker. It includes decision frameworks (bd vs TodoWrite), workflow checklists, and technical reference material.
- [SAFE]: No evidence of prompt injection or instructions to bypass safety guidelines was found. The skill focuses on organizing work and preserving state.
- [SAFE]: Data handling is restricted to the 'bd' tool's legitimate function of tracking issues and syncing them via Git. No sensitive file access or unauthorized data exfiltration patterns were detected.
- [SAFE]: The skill contains no obfuscated code, Base64 strings, or hidden instructions. All documentation is in clear, human-readable markdown.
- [SAFE]: Although the skill consumes information from the 'bd' tool (Category 8: Indirect Prompt Injection), it is used as a productivity tool where the agent is the primary operator. The ingestion points are standard tool outputs from the 'bd' CLI (e.g.,
bd show,bd ready), and the capability inventory is limited to 'bd' commands and file reads.
Audit Metadata