querying-markdown

Fail

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the execution of an installation script (scripts/install-mq.sh) that uses sudo to move the mq binary to /usr/local/bin, which is a privileged system operation.
  • [EXTERNAL_DOWNLOADS]: The installation script fetches a binary executable from a third-party GitHub repository (harehare/mq) which is not an established trusted source for system-level tools.
  • [REMOTE_CODE_EXECUTION]: The skill downloads an external binary, applies executable permissions (chmod +x), and runs it locally to confirm the installation.
  • [PROMPT_INJECTION]: The skill extracts structure and content from Markdown documents, presenting a surface for indirect prompt injection if the processed files contain malicious instructions.
  • Ingestion points: Markdown files processed by the mq command in SKILL.md usage examples.
  • Boundary markers: None; results are returned directly to the agent without protective delimiters.
  • Capability inventory: Shell execution and execution of the downloaded mq binary.
  • Sanitization: None; the tool provides raw extraction of Markdown elements.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 22, 2026, 06:02 AM
Security Audit — agent-trust-hub — querying-markdown