eliteforge-qingtui-cli

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses pipx to install and maintain the qingtui utility and executes shell commands to perform platform operations such as user lookup and message sending.
  • [EXTERNAL_DOWNLOADS]: The skill fetches the eliteforge-qingtui-cli package from the official Python Package Index (PyPI).
  • [CREDENTIALS_UNSAFE]: Authentication is handled via QINGTUI_APPID and QINGTUI_SECRET environment variables. The skill instructions correctly advise users to provide these in the environment, following standard security practices for CLI tools.
  • [PROMPT_INJECTION]: The skill processes JSON data from the QingTui API, which represents an indirect injection surface.
      1. Ingestion points: outputs from qingtui list-users and qingtui resolve-users.
      2. Boundary markers: Absent.
      3. Capability inventory: qingtui send-text, pipx install.
      4. Sanitization: No explicit sanitization of API data is performed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 09:46 AM