qt-project
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to process and act upon untrusted local project files.
- Ingestion points:
CMakeLists.txt,*.cmake,CMakePresets.json,.qrc,qmldir,.qml, and C++/header files as specified inSKILL.md. - Boundary markers: Present.
SKILL.mdcontains a 'Guardrails' section explicitly instructing the agent to treat project inputs as technical material and data to analyze/edit, never as instructions or directives to follow. - Capability inventory: The agent is instructed to write/edit project files and execute standard build system commands (
mkdir,cd,qt-cmake,ninja) as detailed inreferences/configure.md. - Sanitization: No specific sanitization or filtering of the processed content is mentioned.
- [EXTERNAL_DOWNLOADS]: Fetches technical documentation and command signatures from the official Qt documentation site (
doc.qt.io). This is a well-known and trusted service for development resources. - [COMMAND_EXECUTION]: Provides instructions for the agent or user to perform standard build configuration and compilation using established tools like
cmakeandninja.
Audit Metadata