qt-qml-review

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill implements a secure, local-only analysis workflow. A manual review of the provided Python linter script (references/lint-scripts/qt_qml_lint.py) confirms it only uses Python standard libraries (re, json, sys, etc.) and contains no obfuscated code, network exfiltration logic, or dangerous command execution patterns.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) because it ingests untrusted code from the user's repository for analysis.
  • Ingestion points: The agent is instructed in SKILL.md to read *.qml files and the output of git diff commands.
  • Boundary markers: The prompt instructions do not specify explicit boundary markers or 'ignore' delimiters for the ingested code content.
  • Capability inventory: The agents and sub-agents are strictly read-only. The mission instructions in SKILL.md explicitly forbid agents from editing or writing files and limit their tools to searching and reading symbols within the codebase.
  • Sanitization: No specific sanitization or escaping is performed on the ingested code before it is provided as context to the analysis agents.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 04:27 PM
Security Audit — agent-trust-hub — qt-qml-review