
qmd-mcp-skill

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on shell commands to manage MCP links and perform retrieval tasks. This includes setting up environment variables (e.g., CUDA, NVM) within a wrapped bash shell session (/bin/bash -lc) to support model execution (SKILL.md).
  • [PROMPT_INJECTION]: The skill ingests data from a local knowledge base, which creates a risk of indirect prompt injection if the indexed content contains adversarial instructions.
    • Ingestion points: Data retrieved through qmd-mcp-cli query, get, and multi_get operations (SKILL.md, usage-patterns.md).
    • Boundary markers: The skill does not specify the use of delimiters or explicit instructions to ignore embedded commands within retrieved results.
    • Capability inventory: The skill has access to shell execution via qmd and uxc tools (SKILL.md).
    • Sanitization: No validation or sanitization of the content from the knowledge base is described before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 01:41 AM
Security Audit — agent-trust-hub — qmd-mcp-skill