qmd
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill initiates a global installation of the 'qmd' tool from a third-party GitHub repository (https://github.com/tobi/qmd) using Bun. This source is not on the trusted vendors list.
- [COMMAND_EXECUTION]: The skill requires executing several shell commands for installation and operation, including 'bun install', 'brew install', and various 'qmd' subcommands (search, vsearch, query, collection, embed, update) which interact with the local filesystem and package managers.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by indexing and retrieving content from local Markdown documents.
- Ingestion points: Local file content retrieved through 'qmd get', 'qmd multi-get', and 'qmd search'.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to treat retrieved file content as untrusted data.
- Capability inventory: The skill possesses capabilities to execute shell commands and read arbitrary files within indexed collections.
- Sanitization: No sanitization, escaping, or validation of the retrieved Markdown content is implemented before it is processed by the agent.
Audit Metadata