guidance
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands and Python code to resolve paths and read documentation. Evidence: `python3 -c "from qwenpaw.constant import DOCS_DIR..."`, `which qwenpaw`, `find ~/.qwenpaw/memory/`, and `cat <doc_path>` are used to locate and read files.
- [PROMPT_INJECTION]: The skill processes untrusted local data, creating an indirect prompt injection surface. (1) Ingestion points: Documentation content is read from the local file system (SKILL.md, Step 3). (2) Boundary markers: Absent; no instructions wrap ingested content in delimiters. (3) Capability inventory: The agent has shell execution and file system access. (4) Sanitization: Absent; no validation is performed on documentation content.
Audit Metadata