Setup Loop

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and process external Markdown plan documents to automate task creation. This creates a surface for indirect prompt injection where malicious content within a plan could attempt to manipulate the task creation logic.
      • Ingestion points: DevAgent plan markdown files specified as input in SKILL.md.
      • Boundary markers: No specific delimiters or "ignore instructions" warnings are defined for the plan content processing.
      • Capability inventory: The skill utilizes the bd (Beads) CLI tool to create issues, update metadata, and establish task dependencies.
      • Sanitization: There is no evidence of sanitization or structural validation performed on the text extracted from the plan before it is used to populate CLI command arguments.
  • [COMMAND_EXECUTION]: The skill instructions rely on the execution of the bd (Beads) command-line tool to interact with a task management system.
      • Evidence: Explicit instructions are provided for using bd create, bd update, bd dep add, bd ready, and bd show to manage the lifecycle of project tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 11:53 AM
Security Audit — agent-trust-hub — Setup Loop