to-issues
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from an external issue tracker.
- Ingestion points: The skill fetches and reads the full body and comments of issues from a project issue tracker (SKILL.md, Step 1).
- Boundary markers: There are no explicit instructions or delimiters used to isolate external issue content from the agent's internal instructions.
- Capability inventory: The agent can perform codebase exploration and execute commands via the
bd(Beads) tool to create issues and manage task dependencies. - Sanitization: There is no evidence of sanitization or validation of the text fetched from the issue tracker before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill uses the
bd(Beads) CLI tool to perform issue management tasks. - Evidence: The skill instructs the agent to use
bd createandbd dep addto publish issues and record dependencies. - Context: These commands are part of the core functionality for interacting with the project's issue tracker and do not appear to involve arbitrary command injection or suspicious execution patterns.
Audit Metadata