qt-qml-docs
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for the legitimate purpose of documenting QML components. It performs local file system operations, such as reading source code and writing documentation to a 'doc/' subdirectory, which are consistent with its primary function.
- [SAFE]: The skill includes explicit security guardrails in the platform-specific instruction files (
platforms/copilot.prompt.mdandplatforms/windsurf.md) that direct the agent to treat all source code content strictly as data, which is a best practice to mitigate risks associated with indirect prompt injection via comments or strings in the code being documented. - [SAFE]: The skill uses interactive user prompts (
AskUserQuestion) before performing overwriting operations on existing files, ensuring the user maintains control over file system modifications. - [SAFE]: No obfuscation, data exfiltration, or unauthorized command execution patterns were detected. The use of shell commands like
lsis limited to checking for the existence of files and directories within the project context.
Audit Metadata