beads
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of external CLI tools (
bd,br, andbv) to manage graph-based issue tracking, dependency resolution, and project triage. These operations are core to the skill's purpose and are documented as human-supervised tasks. - [COMMAND_EXECUTION]: Includes a validation script (
scripts/validate.sh) that usesbash -cto execute internal grep-based checks for skill integrity. The commands executed are static strings defined within the script itself and do not incorporate untrusted input. - [EXTERNAL_DOWNLOADS]: The documentation provides instructions for users to install necessary dependencies from standard package managers (Homebrew, NPM, and Go). References are also made to the official GitHub repositories for the underlying tools.
- [PROMPT_INJECTION]: The skill contains 'Indirect Prompt Injection' surfaces because the agent is instructed to treat data from the issue tracker (issue descriptions and notes) as authoritative. While this enables multi-session persistence, it could be leveraged if an attacker provides malicious content via the issues themselves. This risk is categorized as low due to the operational nature of the data.
- [PROMPT_INJECTION]: Several reference files (
MIGRATION.md,PLAN_TO_BEADS.md) provide pre-written prompt templates intended for user-to-agent coordination. These are standard instructional patterns and do not attempt to bypass agent safety guidelines.
Audit Metadata