generate-qr-code-natively

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes instructions to use sudo for installing the qrencode package via apt-get, which requires administrative privileges on the host system.
  • [EXTERNAL_DOWNLOADS]: The skill references and installs the qrcode package from the public npm registry to provide its core functionality.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes arbitrary data to generate QR codes.
      • Ingestion points: External data is ingested through command-line arguments in the Node.js implementation (process.argv[2]) and through shell variables in the Bash implementation.
      • Boundary markers: No specific delimiters or boundary markers are used to isolate the data payload from potentially malicious instructions contained within that payload.
      • Capability inventory: The skill has the capability to write files to the local disk (qrcode.png, qrcode.svg) and output content directly to the terminal.
      • Sanitization: The implementation does not include any sanitization, filtering, or validation logic to inspect the payload before it is encoded into a QR code format.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 04:36 AM