qt-installer-framework-config
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (MEDIUM): The skill is vulnerable to indirect prompt injection because it interpolates user-provided metadata directly into executable scripts and configuration files without sanitization.
  - Ingestion points: Metadata fields in the `SKILL.md` input schema, specifically `appInfo.name`, `appInfo.publisher`, and `components[].displayName`.
  - Boundary markers: None. The templates in `SKILL.md` show direct interpolation into XML and JavaScript (`.qs`) files.
  - Capability inventory: The skill possesses `Write` capabilities to create `.qs` (Qt Script) files and `Bash` capabilities to execute build tools like `binarycreator`.
  - Sanitization: No evidence of sanitization, escaping, or schema validation to prevent malicious injection into the generated JavaScript logic or XML structure.
- COMMAND_EXECUTION (LOW): The skill uses the `Bash` tool to execute standard build utilities (`binarycreator`, `repogen`) and deployment tools (`rsync`). These operations are consistent with the skill's documented purpose.