qml-build-deploy
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides comprehensive and technically accurate instructions for automating the deployment of Qt/QML applications. The PowerShell templates use standard cmdlets like
Copy-Item,Join-Path, andTest-Pathto manage dependencies. - [COMMAND_EXECUTION]: The provided scripts execute standard build tools such as
cargo,windeployqt.exe, and the resulting application binary. These operations are essential to the skill's stated purpose of building and running software. - [INDIRECT_PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection as the PowerShell templates ingest external path data through script parameters (e.g.,
$QtDir). - Ingestion points: PowerShell
paramblocks inSKILL.md(e.g.,$QtDir,$Profile). - Boundary markers: None identified.
- Capability inventory:
Copy-Item,Start-Process, and call operator (&) for executing binaries inSKILL.md. - Sanitization: The script implements basic validation using
Test-Pathto ensure directories exist before operations. - [DATA_EXFILTRATION]: No sensitive file access or unauthorized network operations were detected. The scripts modify the local
$env:PATHand redirect error output to local log files (qt_debug.log), which are standard practices for development environments.
Audit Metadata