ralph-tui-create-beads
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface. The skill extracts shell commands from the 'Quality Gates' section of a user-provided PRD and incorporates them into task descriptions.\n
- Ingestion points: Processes external PRD markdown files or text input via the 'create beads' trigger.\n
- Boundary markers: Absent; the skill does not use delimiters or instructions to prevent the agent from following embedded malicious instructions within the PRD.\n
- Capability inventory: Generates shell commands (via the 'bd' CLI) which are intended for later execution by an autonomous agent.\n
- Sanitization: Absent; the skill blindly extracts and interpolates commands from the PRD into the task output.\n- [COMMAND_EXECUTION] (SAFE): The skill generates shell commands for the 'bd' (Beads) CLI tool. This is the primary intended function of the skill and is considered safe within the context of task management, provided the input sources are trusted.
Audit Metadata