beo/exploring
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE (flags: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to construct and execute shell commands using the 'br' utility, interpolating variables such as , <EPIC_ID>, , and . This pattern creates a risk of command injection if the underlying platform does not sanitize these variables before shell execution.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes data from existing project files and epic descriptions to guide its Socratic dialogue process.
  - Ingestion points: Reads content from .beads/artifacts//CONTEXT.md, .beo/critical-patterns.md, and the output of 'br show <EPIC_ID>'.
  - Boundary markers: None identified. The instructions do not include markers or warnings to ignore instructions embedded within the ingested data.
  - Capability inventory: Shell command execution via 'br', 'cat', and 'mkdir', plus arbitrary file writing capabilities via file editing tools.
  - Sanitization: No sanitization or validation of the content read from files is specified.