quarter-review
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes external shell commands using the `qmd` tool. It interpolates data extracted from user-controlled files, such as goal descriptions and learnings, directly into command arguments (e.g., `qmd query "[learning description]"`). Without strict escaping by the agent, this could allow for command injection if the source files contain shell metacharacters.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) due to its processing and redistribution of untrusted user-edited content.
  - Ingestion points: Data is ingested from multiple user-editable files including `01-Quarter_Goals/Quarter_Goals.md`, `03-Tasks/Tasks.md`, `00-Inbox/Meetings/*.md`, `00-Inbox/Weekly_Synthesis_*.md`, and `System/Dex_Backlog.md`.
  - Boundary markers: Absent. The instructions do not define delimiters or markers to help the agent distinguish between its own logic and the content being processed.
  - Capability inventory: The agent has the capability to execute shell commands (`qmd`), write files to the archives and system configuration directories, and call a telemetry tool (`track_event`).
  - Sanitization: Absent. No explicit sanitization or validation is performed on the content extracted from external notes before it is used as input for further processing or report generation.