Qt Pilot Usage

Fail

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The launch_app tool executes an arbitrary Python script or module given a file path or module name. Because the target is caller-supplied rather than fixed to a known application, the agent can run any code on the host where the MCP server is running, with the server's privileges.
  • [COMMAND_EXECUTION]: The skill requires and executes the Xvfb binary to provide a headless display for GUI rendering. It also references a local shell script, scripts/check-prerequisites.sh, used for environment verification.
  • [DATA_EXFILTRATION]: The capture_screenshot tool saves the application's visual state to a caller-specified file path. Anything displayed in the GUI (credentials, personal data, internal documents) can therefore be captured and written to an arbitrary location on disk, which is a path to unauthorized data exposure.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because get_widget_info and list_all_widgets return text read directly from application widgets. If an application places instruction-like text in a label or text field, that text reaches the agent's context and can steer its tool calls.
  • Ingestion points: Widget text content and metadata retrieved from the target application through the discovery tools.
  • Boundary markers: No delimiters or framing instructions separate ingested UI text from the agent's command context.
  • Capability inventory: The agent has access to powerful tools, including launch_app for code execution and type_text for UI interaction, so injected text has consequential actions available to it.
  • Sanitization: There is no evidence that text retrieved from the GUI is filtered or escaped before it is presented to the agent.
Recommendations
  • The audit's automated verdict is that serious security threats were detected; no finding-specific guidance is given. The mitigations that follow directly from the findings above are: restrict launch_app to an allowlist of known application paths or modules rather than accepting arbitrary targets; confine capture_screenshot output to a dedicated directory; and wrap text returned by get_widget_info and list_all_widgets in explicit untrusted-data boundaries, with escaping, before it reaches the agent's context.
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 27, 2026, 08:00 PM