qt-cmake-project-generator
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The skill demonstrates an attack surface for indirect prompt injection by interpolating untrusted user input into executable contexts. • Ingestion: 'projectName' and 'projectPath' from the input schema. • Boundary markers: Absent; user input is directly inserted into CMake templates. • Capability: 'Write' and 'Bash' tools are allowed, enabling file creation and command execution. • Sanitization: Absent; no validation or escaping of project names is performed before interpolation into generated CMakeLists.txt or suggested Bash commands.
- [EXTERNAL_DOWNLOADS] (LOW): The skill configures package managers (vcpkg, Conan) which download external dependencies. • Context: This is standard behavior for C++ development but involves fetching remote code.
- [COMMAND_EXECUTION] (LOW): The skill utilizes the Bash tool for standard build and configuration tasks (cmake, make).
Audit Metadata