setup
Warn
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@tobilu/qmdpackage usingbun install -g. This package is a third-party dependency not associated with a known trusted organization or the skill author. - [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to execute several commands including global package installation and theqmdCLI for indexing operations. - [PROMPT_INJECTION]: The skill facilitates the indexing of external document corpora, which introduces a surface for Indirect Prompt Injection. If indexed documents contain malicious instructions, they could influence the agent during search retrieval.
- Ingestion points: The
qmd collection add <path>command (SKILL.md) ingests all markdown files from a user-specified directory. - Boundary markers: No instructions are provided to the agent to treat indexed content as untrusted or to use delimiters.
- Capability inventory: The skill possesses
Bashcapabilities (SKILL.md) to manage the local vector database. - Sanitization: No sanitization or content filtering is performed on the documents before they are added to the semantic index.
Audit Metadata