openspec-beads-import
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
openspecandbd(Beads) command-line interfaces to automate project management tasks. It dynamically generates shell commands by inserting text extracted from local repository files into command arguments. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from local specification files and includes it in the agent's execution context.
- Ingestion points: Reads requirements and descriptions from files such as
proposal.md,specs/*.md,design/*.md, andtasks.md. - Boundary markers: There are no explicit delimiters or instructions to the agent to treat the imported file content as untrusted data or to ignore instructions contained within those files.
- Capability inventory: The skill possesses the ability to execute system binaries (
openspec,bd) which can modify the state of the repository and external issue trackers. - Sanitization: No sanitization or escaping is performed on the strings read from files before they are passed as arguments to the
bd createcommand flags.
Audit Metadata