to-qa
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Executes the
bd(Beads) command-line tool to retrieve status and details for child issues within the repository. - [PROMPT_INJECTION]: Ingests documentation, tracker files, and external CLI output which could theoretically contain malicious instructions.
- Ingestion points: Reads
docs/agents/issue-tracker.md,.scratchtracker files, git commit messages, and output from thebdCLI tool. - Boundary markers: Absent; the instructions do not specify the use of delimiters or 'ignore' warnings for the data being processed.
- Capability inventory: Invokes MCP tools
qa-to-do.run_to_qa_parentandqa-to-do.qa_session_create, and executes local shell commands via thebdtool. - Sanitization: Data from external sources is used directly to generate checklist items without explicit sanitization or content validation.
Audit Metadata