qr-code
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill provides a QR code decoding feature that creates a surface for indirect prompt injection. 1. Ingestion points: Untrusted data is read from images using pyzbar.decode in SKILL.md. 2. Boundary markers: No delimiters or protective instructions are used when outputting decoded strings to the agent context. 3. Capability inventory: The skill performs file system operations including opening and saving images. 4. Sanitization: Decoded data is processed as a raw UTF-8 string without validation or filtering.
- [EXTERNAL_DOWNLOADS]: The skill references external dependencies including the pyzbar Python package and the zbar system library which are well-known tools for QR code processing.
Audit Metadata