Skills
skills/cloudsen/eliteforge-skills/eliteforge-qingtui-cli/Gen Agent Trust Hub

eliteforge-qingtui-cli

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill automatically installs and upgrades the eliteforge-qingtui-cli package from PyPI using pipx at runtime.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution (qingtui, pipx, jq) to perform its primary functions. It also uses shell pipes and command substitution ($(...)) to chain operations.
  • [CREDENTIALS_UNSAFE]: The skill requires sensitive environment variables, specifically QINGTUI_SECRET and QINGTUI_APPID, to authenticate with the QingTui API.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It ingests untrusted user data (e.g., user logins, phone numbers) and interpolates it directly into shell command arguments (qingtui resolve-users --user-login '...').
  • Ingestion points: User input provided for user lookup or message content.
  • Boundary markers: Absent; the skill does not use specific delimiters to separate user data from command structure.
  • Capability inventory: Execution of shell commands via pipx and the qingtui tool.
  • Sanitization: No explicit sanitization or validation of user-provided strings before they are used in command-line arguments.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 02:36 PM