beads-br
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local CLI tools
brandbvfor issue management. The commands described are limited to project metadata management (creating, updating, and querying tasks) and do not involve arbitrary command execution or system modification. - [EXTERNAL_DOWNLOADS]: The documentation mentions a
br upgradecommand for self-updating. This is presented as a standard maintenance feature of the CLI tool and is not associated with suspicious download-and-execute patterns like piped shell scripts. - [DATA_EXPOSURE]: The skill explicitly includes guidelines to prevent data leakage in shared repositories, such as using a private ledger (
_beads/) and ensuring it is added to.gitignore. It facilitates legitimate synchronization of task data to the.beads/directory within the user's repository. - [INDIRECT_PROMPT_INJECTION]: As an issue tracker, the skill processes external data (issue titles and descriptions). While this represents a potential surface for indirect injection, the skill's instructions are focused on structured task management and do not provide an automated execution path for untrusted data.
Audit Metadata