qmd-extended
Fail
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/embed-switch.shmodifies the user's shell configuration files (~/.bashrc and ~/.profile) using sed. Modifying shell startup scripts is a significant system change and a common persistence technique.\n- [COMMAND_EXECUTION]: The scriptscripts/embed-test.shinterpolates the $TEXT variable directly into a shell command executing curl. This allows for shell command injection if the input provided by the user contains shell metacharacters such as backticks or command substitution syntax.\n- [CREDENTIALS_UNSAFE]: The scriptsscripts/embed-status.shandscripts/embed-test.shprogrammatically retrieve a Google API key from the system's pass password manager (pass show api/google-ai-studio). This practice increases the exposure surface of sensitive credentials by making them accessible to any process that can observe the script's execution or environment.\n- [COMMAND_EXECUTION]: The skill documentation describes patching a global Node.js module file located at /home/aa/.npm-global/lib/node_modules/@tobilu/qmd/dist/llm.js. Modifying shared system or library files is an invasive action that can affect the stability and security of other tools on the system.
Recommendations
- AI detected serious security threats
Audit Metadata