skills/darshitpp/x-agent/qwen/Gen Agent Trust Hub

qwen

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the qwen CLI to perform tasks. In delegation mode, it utilizes the --yolo flag, which is explicitly documented in references/cli-qwen.md as a mechanism to auto-approve all actions. This grants the external model significant autonomy to perform system-level changes without per-action user confirmation.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to the way it handles untrusted data:
      ◦ Ingestion points: In references/shared-procedure.md (Step 4), the skill reads project context including design documents, git diff outputs, and implementation files.
      ◦ Boundary markers: The prompt construction logic in Step 5 does not utilize structural delimiters or markers to isolate the ingested file content from the system instructions, increasing the risk that malicious content in a project file could override agent behavior.
      ◦ Capability inventory: The skill has the capability to execute commands on the host system via the qwen CLI wrapper, especially when the --yolo autonomy flag is active.
      ◦ Sanitization: No sanitization or validation routines are specified for the content gathered from local files before it is passed to the external model.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 07:23 AM