beads

[Skill Scanner] Natural language instruction to download and install from URL detected All findings: [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] command_injection: Reference to external script with install/setup context (SC005) This SKILL.md is a benign, coherent specification for using the 'bd' CLI as a persistent, git-backed task tracker for AI agents. It does not contain code-level malware or obfuscated behavior. The main security concerns are operational: (1) the recommended curl|bash installer is a remote-exec pattern that requires trust in the repository and should be reviewed before running; (2) allowing an agent to run bd sync or bd daemon gives it the ability to commit and push local data to configured git remotes, which could accidentally exfiltrate sensitive information if not properly constrained. Recommend: audit any install script prior to execution, restrict agent permissions for network/git operations in high-risk environments, and ensure .beads/ exports do not include sensitive files. LLM verification: Functionally the skill's commands and required artifacts are consistent with its stated purpose (git-backed persistent task tracking). The primary security concern is the recommended install method that pipes a raw GitHub-hosted script directly into bash, and the broad instruction set to use npm/brew — these patterns increase supply-chain risk because they execute externally sourced code without explicit verification. There is no direct evidence in the provided document of data exfiltration code