qt-qml-review
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements a secure, local-only analysis workflow. A manual review of the provided Python linter script (
references/lint-scripts/qt_qml_lint.py) confirms it only uses Python standard libraries (re, json, sys, etc.) and contains no obfuscated code, network exfiltration logic, or dangerous command execution patterns. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) because it ingests untrusted code from the user's repository for analysis.
- Ingestion points: The agent is instructed in
SKILL.mdto read*.qmlfiles and the output ofgit diffcommands. - Boundary markers: The prompt instructions do not specify explicit boundary markers or 'ignore' delimiters for the ingested code content.
- Capability inventory: The agents and sub-agents are strictly read-only. The mission instructions in
SKILL.mdexplicitly forbid agents from editing or writing files and limit their tools to searching and reading symbols within the codebase. - Sanitization: No specific sanitization or escaping is performed on the ingested code before it is provided as context to the analysis agents.
Audit Metadata