querying-markdown
Fail
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of an installation script (
scripts/install-mq.sh) that usessudoto move themqbinary to/usr/local/bin, which is a privileged system operation. - [EXTERNAL_DOWNLOADS]: The installation script fetches a binary executable from a third-party GitHub repository (
harehare/mq) which is not an established trusted source for system-level tools. - [REMOTE_CODE_EXECUTION]: The skill downloads an external binary, applies executable permissions (
chmod +x), and runs it locally to confirm the installation. - [PROMPT_INJECTION]: The skill extracts structure and content from Markdown documents, presenting a surface for indirect prompt injection if the processed files contain malicious instructions.
- Ingestion points: Markdown files processed by the
mqcommand inSKILL.mdusage examples. - Boundary markers: None; results are returned directly to the agent without protective delimiters.
- Capability inventory: Shell execution and execution of the downloaded
mqbinary. - Sanitization: None; the tool provides raw extraction of Markdown elements.
Recommendations
- AI detected serious security threats
Audit Metadata