beads
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes several command-line operations including `bd`, `rg` (ripgrep), and standard shell utilities like `cat` and `echo`. These are all associated with the primary, stated purpose of the skill for local issue tracking and status reporting.
- [DATA_EXPOSURE] (SAFE): The skill interacts with a local `.beads/` directory. While it mentions a `bd sync` command which interacts with git remotes, this is a standard and expected behavior for a distributed issue-tracking system. No sensitive file paths (like SSH keys or AWS credentials) are targeted.
- [INDIRECT_PROMPT_INJECTION] (LOW): As a tool that reads external data (issue descriptions, comments, and project files via `bd show` and `bd activity`), there is an inherent surface for indirect prompt injection if those files contain malicious instructions. However, the skill is designed for trusted local repository environments.
  - Ingestion points: `bd show <id>`, `bd list`, `bd activity`, and `bd search` read content from the `.beads/` directory.
  - Boundary markers: None explicitly mentioned for processing tool output.
  - Capability inventory: Local command execution (`bd` commands), file reading, and git-based synchronization.
  - Sanitization: The skill relies on the underlying `bd` tool for data handling.
- [PERSISTENCE_MECHANISMS] (SAFE): The `bd hooks install` command is mentioned, which typically modifies git hooks to automate workflows. This is a common and documented feature of the described tool and is not used here for malicious persistence.
Audit Metadata