development
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute project-specific management commands (bd) and standard Rust development commands (cargo). These actions are aligned with the skill's primary purpose and do not show signs of malicious intent.\n- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface because it reads and processes data from project files that could contain malicious instructions.\n
- Ingestion points: Files located in specs/, .beads/, and plans/ are read into the agent's context using the Read tool.\n
- Boundary markers: The instructions do not define delimiters or warnings to ignore instructions embedded within the ingested data.\n
- Capability inventory: The agent can execute shell commands and write to the filesystem using Bash, Edit, and Write tools.\n
- Sanitization: No sanitization or validation logic is present for content retrieved from the project filesystem.
Audit Metadata