qt-qml-docs

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed for the legitimate purpose of documenting QML components. It performs local file system operations, such as reading source code and writing documentation to a 'doc/' subdirectory, which are consistent with its primary function.
  • [SAFE]: The skill includes explicit security guardrails in the platform-specific instruction files (platforms/copilot.prompt.md and platforms/windsurf.md) that direct the agent to treat all source code content strictly as data, which is a best practice to mitigate risks associated with indirect prompt injection via comments or strings in the code being documented.
  • [SAFE]: The skill uses interactive user prompts (AskUserQuestion) before performing overwriting operations on existing files, ensuring the user maintains control over file system modifications.
  • [SAFE]: No obfuscation, data exfiltration, or unauthorized command execution patterns were detected. The use of shell commands like ls is limited to checking for the existence of files and directories within the project context.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 12:49 PM
Security Audit — agent-trust-hub — qt-qml-docs