qmd
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires a global installation of the qmd tool from a remote GitHub repository (https://github.com/tobi/qmd). This source is an individual user account rather than a verified organization or a standard package registry.
- [COMMAND_EXECUTION]: The skill's primary functionality is delivered through shell commands that interact with the local file system to index, update, and retrieve content.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by retrieving and processing the contents of local Markdown files.
  - Ingestion points: File content retrieved from the local filesystem via qmd get and qmd search (SKILL.md).
  - Boundary markers: Absent; there are no instructions to the agent to ignore or delimit embedded commands in retrieved notes.
  - Capability inventory: Execution of shell commands (qmd) and local file system access.
  - Sanitization: Absent; the skill does not specify any validation or filtering of the retrieved content.