skills/itechmeat/llm-code/beads/Gen Agent Trust Hub

beads

Fail

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The instructions recommend installing the beads tool by downloading binaries or execution scripts from a third-party GitHub repository (https://github.com/gastownhall/beads) that is not identified as a trusted source.
  • [COMMAND_EXECUTION]: The skill relies on the execution of various shell-based commands using the bd tool. These commands are used to initialize repositories (bd init), manage tasks (bd create, bd update), and handle synchronization logic.
  • [DATA_EXFILTRATION]: The tool is designed to synchronize local issue databases with external remotes and services (Dolt, GitHub, GitLab, Linear, Jira, and Azure DevOps). This functionality involves sending task data, metadata, and agent-specific memories to external infrastructure.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its data ingestion model.
  • Ingestion points: Untrusted data is retrieved from external sources through bd sync, bd import, and various issue tracker integrations.
  • Boundary markers: No specific delimiters or "ignore instructions" warnings are provided.
  • Capability inventory: The skill provides shell command execution, network access, and file system access.
  • Sanitization: No evidence of validation for content pulled from external trackers.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 19, 2026, 06:38 AM
Security Audit — agent-trust-hub — beads