cli-anything-qgis
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data from QGIS projects and vector layers, which could serve as a vector for indirect prompt injection if the data contains malicious instructions.
- Ingestion points: The skill reads external files via 'project open', 'feature list', and 'process run' commands.
- Boundary markers: No specific delimiters or safety instructions are defined to separate data from commands.
- Capability inventory: The skill can write to the filesystem through 'project save' and 'export' commands, and execute QGIS-specific logic via 'process run' (interacting with qgis_process).
- Sanitization: No sanitization or validation of input data content is described.
- [DYNAMIC_EXECUTION]: The skill is designed to execute QGIS processing algorithms and run an interactive REPL. These capabilities are consistent with the tool's primary purpose as a GIS automation utility and use the local QGIS environment.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill interacts with the local filesystem to save project files and export results. There are no patterns indicating unauthorized data exfiltration to external domains or hardcoded credentials.
Audit Metadata