qt-cpp-review
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled Python script (references/lint-scripts/qt_review_lint.py) to perform deterministic code linting. The script is included in the skill package and operates locally without network access.
- [DATA_EXFILTRATION]: The skill is designed to be read-only. It accesses local source files and git diffs to provide feedback. There is no evidence of data being transmitted to external endpoints or unauthorized file access.
- [PROMPT_INJECTION]: As a code review tool, the skill processes untrusted source code provided by the user. This creates a surface for indirect prompt injection (e.g., instructions hidden in code comments), but the skill lacks high-privilege capabilities (like file writing or network access) that could be leveraged for an attack.
- [REMOTE_CODE_EXECUTION]: No patterns of downloading or executing code from remote sources were found. All execution is limited to the provided linter script and standard platform tools like git.
Audit Metadata