beads
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill utilizes an untrusted remote code execution pattern. Evidence: Automated scans found 'curl -fsSL https://raw.githubusercontent.com/steveyegge/beads/main/scripts/install.sh | bash', which executes code from a non-whitelisted source directly.
- PROMPT_INJECTION (HIGH): The skill establishes an indirect prompt injection surface through persistent project notes. 1. Ingestion points: Untrusted data enters the agent context via 'bd' issue notes and implementation guides (see references/ISSUE_CREATION.md). 2. Boundary markers: Absent. There are no instructions provided to the agent to treat issue content as untrusted. 3. Capability inventory: The agent is explicitly expected to use 'WORKING CODE' and 'IMPLEMENTATION GUIDES' stored in these notes (see references/RESUMABILITY.md). 4. Sanitization: Absent. Malicious code stored in issue notes can influence or hijack agent behavior in future sessions.
- EXTERNAL_DOWNLOADS (LOW): The skill downloads scripts from an external GitHub repository (steveyegge/beads) during installation.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://raw.githubusercontent.com/steveyegge/beads/main/scripts/install.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata