beadboard-driver
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it directs the agent to ingest and act upon data from project-level files and task notes.
  - Ingestion points: The agent reads the Environment Status Cache from `project.md` (Step 0) and task context from `bd show` (Step 4).
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat this external data as untrusted or to ignore embedded instructions.
  - Capability inventory: The agent has the capability to execute shell commands, install software, and modify project files.
  - Sanitization: There is no evidence of sanitization or schema validation performed on the contents of the `project.md` file before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill automates the installation of the BeadBoard coordination system by cloning its repository from GitHub and installing the `beads-cli` package from the NPM registry. These resources are authored by the skill's vendor.
- [COMMAND_EXECUTION]: Several utility scripts use `spawnSync` and `execFile` to invoke CLI tools for environment setup and coordination. Notably, it configures a mail delegate in the `bd` tool which executes a local shim script to handle agent communications.
- [REMOTE_CODE_EXECUTION]: The skill facilitates the installation and execution of external code through global NPM package installation and repository cloning as part of its initialization and execution runbook.
Audit Metadata