qr-code-generator

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/batch_generate.py uses subprocess.check_call to execute the secondary script scripts/generate_qr.py with arguments derived from untrusted CSV data. Although it passes the arguments as a list, which prevents shell injection, the values themselves are unvalidated external input.
  • [COMMAND_EXECUTION]: Path traversal vulnerability in scripts/batch_generate.py. The id field from the CSV input is used directly to construct file paths (os.path.join(args.outdir, f"{_id}.png")) without sanitization. An attacker could provide a CSV with an id like ../../filename to write files outside the designated output directory.
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified.
      • Ingestion points: scripts/batch_generate.py reads user-provided CSV files and processes each row.
      • Boundary markers: Absent; there are no delimiters or instructions to the agent to ignore content within the CSV data.
      • Capability inventory: The skill allows file system writes and subprocess execution across both Python scripts.
      • Sanitization: While URL validation and XML escaping are present in scripts/generate_qr.py, the skill lacks path sanitization for file names in scripts/batch_generate.py.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 12:17 AM