configure
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill interpolates user-provided inputs and environment variables into bash commands in Step 6. Because these values are wrapped in double quotes rather than single quotes or being properly sanitized, they remain susceptible to shell expansion and command substitution (e.g., using $() or backticks), which could lead to unintended command execution if the project directories or user descriptions contain special characters.- [EXTERNAL_DOWNLOADS]: Step 1 instructs the user to install the external package '@tobilu/qmd' via npm. While the installation is a manual user action, the skill thereafter relies on and executes code from this unverified third-party dependency.- [COMMAND_EXECUTION]: In Step 10, the skill generates a shell script and appends it to '.git/hooks/post-commit' to automate re-indexing. This acts as a persistence mechanism, ensuring that the 'qmd' tool is executed in the background on every git commit, which can maintain activity outside of the immediate agent session.
Audit Metadata