skills/levineam/qmd-skill/qmd/Gen Agent Trust Hub

qmd

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill's metadata (SKILL.md) defines an installation command bun install -g https://github.com/tobi/qmd. This executes code from an untrusted external repository without version pinning or integrity verification.
  • REMOTE_CODE_EXECUTION (HIGH): The skill documentation states that it 'auto-downloads' GGUF models on the first run. The source of these models is unspecified, posing a risk of malicious model injection or exploitation of the local inference engine.
  • PERSISTENCE_MECHANISMS (MEDIUM): The 'Maintenance' and 'Keeping the index fresh' sections encourage users to configure cron jobs (e.g., 0 * * * * ... qmd update). While intended for indexing, this establishes a mechanism for recurring background execution of the untrusted binary.
  • INDIRECT_PROMPT_INJECTION (MEDIUM): The skill is designed to ingest and index local markdown files (qmd collection add). If an attacker places a malicious markdown file in an indexed directory, they could potentially influence the agent's reasoning or behavior when the content is retrieved during a search operation.
  • COMMAND_EXECUTION (LOW): The skill relies on executing shell commands (qmd search, qmd vsearch) and requires specific system dependencies like SQLite extensions, which increases the local attack surface.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 08:55 PM