qa-quarto

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requests and utilizes high-privilege tools including Bash, Task, and Edit to manage the Quarto rendering process and apply automated fixes to source files. This level of access is necessary for the skill's workflow but poses a risk if redirected.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted data from external files such as .tex, .qmd, and .html during the audit and fix cycles. These contents are processed by the 'critic' and 'fixer' agents without explicit boundary markers or sanitization logic mentioned. Because the agent possesses Bash and file-writing capabilities, malicious instructions embedded in a LaTeX comment or Markdown slide could theoretically attempt to execute unauthorized commands or exfiltrate data.
  • Ingestion points: Reads .tex, .pdf, .qmd, and .html files in Phase 0 and Phase 1.
  • Boundary markers: None identified in the skill instructions to separate document content from agent instructions.
  • Capability inventory: Full access to Bash, Task, Write, Edit, Read, Grep, and Glob tools.
  • Sanitization: No evidence of input validation or content filtering before processing by the LLM agents.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 18, 2026, 06:01 PM
Security Audit — agent-trust-hub — qa-quarto