cxxqt-rust-gui
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Vulnerability surface for indirect prompt injection in the command approval queue model.
  * Ingestion points: Command requests enter via the transport layer and are handled in the Rust backend state (Interactive-Terminal App Profile).
  * Boundary markers: No explicit sanitization or visual boundary markers for untrusted command metadata are demonstrated in the QML or bridge code snippets.
  * Capability inventory: Approved requests are routed for execution to terminal surfaces such as memory_terminal (referenced in Policy Cross-References).
  * Sanitization: The provided templates do not include logic for escaping or validating external content before display or processing.
- [COMMAND_EXECUTION]: The skill outlines an architecture for an approval gateway that orchestrates the execution of commands on the host system via MCP.
Audit Metadata