qlty-check

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of code quality checks and formatting via shell commands. It specifically invokes scripts/qlty_check.py and the qlty CLI tool to perform operations like linting, metrics calculation, and finding code smells.
  • [EXTERNAL_DOWNLOADS]: The skill documentation references the external qlty CLI tool hosted on GitHub at https://github.com/qltysh/qlty as a primary requirement for operation. This external dependency provides the underlying engines for the skill's quality checks.
  • [PROMPT_INJECTION]: The skill interacts with external, potentially untrusted code during quality checks, which presents a surface for indirect prompt injection. If source code files being analyzed contain malicious instructions, they could influence the agent's context when it processes the output of the linting tools.
    • Ingestion points: Source code files in the repository are read by scripts/qlty_check.py and the qlty CLI (SKILL.md).
    • Boundary markers: No specific delimiters or instructions are defined to separate analyzed content from agent instructions in the provided documentation.
    • Capability inventory: The skill uses Bash and Read capabilities.
    • Sanitization: No processes for sanitizing or escaping the content of the analyzed files are documented.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 23, 2026, 09:04 AM