qwen-delegation
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTION
Full Analysis
- [Command Execution] (LOW): The skill utilizes several CLI tools (
qwen-cli,python) to execute shell commands. While these are standard for delegation workflows, they involve executing logic via a local script (~/conjure/tools/delegation_executor.py) and standard CLI binaries. These operations are governed by the local user's permissions. - [Indirect Prompt Injection] (LOW): This skill has an inherent injection surface (Category 8c/8d) as it is designed to read and process external files (
src/**/*.py) and user-provided prompts. - Ingestion points: Files passed via the
--filesflag or@pathsyntax inSKILL.md. - Boundary markers: None explicitly defined in the provided snippets; relies on the underlying
qwen-cliformatting. - Capability inventory: Execution of Python scripts and the
qwenbinary. - Sanitization: Not present in the instruction set; assumes the underlying executor or CLI handles sanitization.
- [Data Exposure] (INFO): The documentation suggests setting
QWEN_API_KEYvia environment variables. While it uses a placeholder (your-key), it encourages a pattern that could lead to credential exposure in shell history if not handled carefully by the user.
Audit Metadata