search
Warn
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installation of the
@tobilu/qmdNode.js package from a public registry. This dependency is not provided by a recognized trusted organization or the skill's author. - [COMMAND_EXECUTION]: The skill uses the Bash tool to execute search queries via the command
qmd query "<query>". This template is vulnerable to command injection if the agent interpolates user input into the query without proper shell escaping. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It retrieves excerpts from external documents and integrates them into the agent's context.
- Ingestion points: Data is ingested from document excerpts retrieved via search results in SKILL.md.
- Boundary markers: There are no delimiters or specific instructions to the agent to treat the retrieved content as untrusted.
- Capability inventory: The agent has access to the Bash tool, which could be exploited if malicious instructions are present in the documents.
- Sanitization: No sanitization or validation of the retrieved excerpts is performed before they are processed by the agent.
Audit Metadata