managing-bd-tasks
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Employs shell scripting logic for bulk status updates, specifically using a 'while read' loop to iterate over task IDs filtered from CLI output. This pattern assumes the safety and consistency of the 'bd' tool's output.
- [PROMPT_INJECTION]: Provides a surface for Indirect Prompt Injection (Category 8) by processing and merging 'design' fields which contain arbitrary markdown text.
- Ingestion points: Untrusted data is ingested through 'bd show' and 'bd list' operations as described in 'SKILL.md'.
- Boundary markers: No specific delimiters or safety instructions are defined to separate task content from agent instructions in the prompt templates.
- Capability inventory: The skill allows the agent to create, modify, and close tasks, as well as manage complex dependencies across epics.
- Sanitization: No sanitization or validation of the design content is implemented within the skill's logic.
- [COMMAND_EXECUTION]: Recommends direct interaction with the internal data store '.beads/issues.jsonl' using 'git log' for manual data recovery, bypassing the primary CLI interface.
Audit Metadata