beads
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill is configured with restricted tool access using the 'Bash(bd:*)' tool definition. This follows the principle of least privilege by limiting the agent's execution to the specific 'bd' command-line interface, which prevents arbitrary command injection or execution of unauthorized bash commands.- [EXTERNAL_DOWNLOADS]: The skill documentation provides instructions for users to install the beads CLI and Dolt using well-known package managers such as Homebrew (brew) and Go (go install). No automated or hidden remote code execution (curl | bash) scripts are present in the skill's logic.- [DATA_EXFILTRATION]: The skill supports synchronizing state with remote repositories through documented commands like 'bd sync' and 'bd dolt push'. These are legitimate features for team collaboration and project persistence. No evidence was found of unauthorized data transmission to unknown or suspicious domains.- [PROMPT_INJECTION]: The skill's instructions are focused on task management and architectural frameworks. No attempts to override safety guidelines, bypass filters, or extract system prompts were detected.- [INDIRECT_PROMPT_INJECTION]: While the skill processes user-provided issue notes and titles, it includes guidance on writing structured notes and separating design from acceptance criteria. The vulnerability surface is limited by the restricted command set and the nature of the data being Git-backed, which provides an audit trail for all changes.
Audit Metadata