beads-implement
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various shell commands to interact with local development tools (`bd`, `br`) and version control (git). These commands are integral to the skill's function for claiming tasks, updating statuses, and committing code changes.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes data from external task trackers which may contain untrusted instructions.
  - Ingestion points: Data enters the agent context via `bd show <id> --json` and `br show <id> --json` as described in `SKILL.md`.
  - Boundary markers: The skill does not define explicit delimiters or instructions to ignore embedded commands within the ingested tracker data.
  - Capability inventory: The agent can execute shell commands, modify files during implementation, and perform Git commits.
  - Sanitization: No sanitization or validation is applied to the content retrieved from the tracker before it is processed by the agent.