beads-bv
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the local CLI tools bv and br to perform extensive operations on the project's task data stored in the .beads/ directory. These tools can modify project state and generate executable shell scripts via the --emit-script flag.
- [PROMPT_INJECTION]: The skill processes and outputs data from task titles and descriptions. This creates a surface for indirect prompt injection, where malicious instructions embedded in a task could influence the agent's behavior during triage.
- Ingestion points: Data enters the context through commands such as bv --robot-triage and br list --json, which read from the local .beads/ directory.
- Boundary markers: The tools use structured JSON output, providing a degree of separation between metadata and task content, though instructions within the content are not explicitly ignored by the agent.
- Capability inventory: The agent can create, update, and close tasks using br, and can generate scripts using bv.
- Sanitization: No explicit sanitization or filtering of task content is described in the documentation or the provided recipes.
- [COMMAND_EXECUTION]: The tool includes a feature (--emit-script) that generates shell scripts for automating task management. This is a form of dynamic code generation, where the agent might be instructed to execute these scripts at runtime.
Audit Metadata