Skills
NYC
skills/aidotnet/moyucode/qrcode-generator/Gen Agent Trust Hub

qrcode-generator

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOWPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is designed to process external, potentially untrusted data to generate images.
  • Ingestion points: Untrusted data enters the skill via the --data argument, the contents of the file provided to --batch, and the image file provided to --logo in scripts/qrcode_generator.py.
  • Boundary markers: No boundary markers or 'ignore embedded instructions' prompts are used to delimit the data being encoded.
  • Capability inventory: The skill has the capability to read local files and write new image files to the file system.
  • Sanitization: No sanitization is performed on the input data or file paths beyond basic existence checks.
  • Data Exposure (LOW): The --batch and --logo features allow the agent to read local files. An adversary could potentially use indirect prompt injection to trick the agent into reading a sensitive file (e.g., .env or SSH keys) and encoding its contents into a QR code, which would then be displayed to the user/attacker.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 07:09 AM