qt-project

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to process and act upon untrusted local project files.
  • Ingestion points: CMakeLists.txt, *.cmake, CMakePresets.json, .qrc, qmldir, .qml, and C++/header files as specified in SKILL.md.
  • Boundary markers: Present. SKILL.md contains a 'Guardrails' section explicitly instructing the agent to treat project inputs as technical material and data to analyze/edit, never as instructions or directives to follow.
  • Capability inventory: The agent is instructed to write/edit project files and execute standard build system commands (mkdir, cd, qt-cmake, ninja) as detailed in references/configure.md.
  • Sanitization: No specific sanitization or filtering of the processed content is mentioned.
  • [EXTERNAL_DOWNLOADS]: Fetches technical documentation and command signatures from the official Qt documentation site (doc.qt.io). This is a well-known and trusted service for development resources.
  • [COMMAND_EXECUTION]: Provides instructions for the agent or user to perform standard build configuration and compilation using established tools like cmake and ninja.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 02:26 PM
Security Audit — agent-trust-hub — qt-project