qt-widget-accessibility-audit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to process external, untrusted Qt project files, which serve as a major injection vector.
  - Ingestion points: The projectPath parameter allows the agent to ingest arbitrary source code, QML files, and build configurations.
  - Boundary markers: There are no specified delimiters or instructions to ignore embedded natural-language instructions within the source code being audited.
  - Capability inventory: The skill has access to Bash, Read, Grep, and Glob. The Bash tool is particularly dangerous if the agent is tricked into compiling or running a malicious project.
  - Sanitization: No sanitization or validation of the input files is described in the skill logic.
- Command Execution (MEDIUM): The inclusion of Bash in allowed-tools, combined with the capability 'Test with platform accessibility tools', suggests the skill may execute build commands or platform-specific binaries. If the audited project contains malicious build scripts (e.g., a poisoned project.pro or CMakeLists.txt), it could lead to arbitrary code execution on the host.
- Data Exposure (LOW): The Read and Glob tools allow the agent to browse the local filesystem. While necessary for auditing, an attacker could use indirect prompt injection to redirect these tools toward sensitive files like ~/.ssh/id_rsa or .env files within the project directory.
Recommendations
- AI detected serious security threats