qr-barcode-reader

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill decodes data from external, untrusted images (QR codes and barcodes) and returns the raw string to the agent without sanitization.
      • Ingestion points: scripts/qr_barcode_reader.py (line 31: obj.data.decode('utf-8'))
      • Boundary markers: Absent. The decoded data is returned directly in a dictionary.
      • Capability inventory: File system read (images), file system write (optional JSON output).
      • Sanitization: Absent. The skill performs direct UTF-8 decoding of the binary barcode data.
  • [External Downloads] (SAFE): The skill relies on pyzbar and pillow, which are standard, trusted packages for image processing and barcode decoding in the Python ecosystem.
      • Evidence: scripts/requirements.txt specifies pyzbar>=0.1.9 and pillow>=10.0.0.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:44 PM