qt-pilot-usage
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The launch_app tool executes local Python scripts or modules to initialize the testing environment. This is a core function of the skill and is necessary for its intended use case.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests UI metadata, such as widget names and text labels, from external applications. A malicious application could embed instructions within these fields to influence the agent's behavior.
  - Ingestion points: Data is gathered via discovery tools like find_widgets, list_all_widgets, get_widget_info, and list_actions.
  - Boundary markers: No specific delimiters or instructions are used to separate external UI content from the agent's core instructions.
  - Capability inventory: The skill possesses capabilities to run local code via launch_app and write files via capture_screenshot.
  - Sanitization: UI text content is not sanitized or escaped before being presented to the agent.