qmd
Warn
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill initiates the download of a CLI tool from a personal GitHub repository (
https://github.com/tobi/qmd) and notes that GGUF models are automatically fetched from remote sources during the first run. - [REMOTE_CODE_EXECUTION]: The installation process uses
bun install -gwith a remote Git URL, which involves downloading and executing unverified code from an external source on the user's system. - [COMMAND_EXECUTION]: The skill instructs the agent to execute a variety of shell commands to manage document collections and perform searches. It also includes specific instructions for establishing persistence through system cron jobs to automate indexing updates.
Audit Metadata