beo-compounding
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands including
git logfor history retrieval and custom tools likebr(Bead Runner) andqmd(Query Markdown) for managing project state and searching documents. These operations are conducted within the local development environment.\n- [PROMPT_INJECTION]: The skill processes external artifacts which constitutes an indirect prompt injection surface. \n - Ingestion points: Feature artifacts in
.beads/artifacts/, git logs, and review findings.\n - Boundary markers: Absent; the skill does not use specific delimiters to isolate untrusted content during synthesis.\n
- Capability inventory: File system writes, git operations, and execution of local CLI utilities.\n
- Sanitization: No explicit validation or escaping of ingested data is performed before it is used in synthesis or as arguments for search commands.\n- [SAFE]: No network exfiltration, hardcoded credentials, or persistence mechanisms were detected. The skill enforces 'Hard Gates' that restrict critical operations and ensure subagents do not author final project records.
Audit Metadata