qr-code
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a feature to decode QR codes from image files, which acts as an ingestion point for untrusted external data. This data could contain malicious instructions designed to manipulate the agent's logic once the decoded text is added to the conversation context.
- Ingestion points: The
pyzbar.decode(img)call inSKILL.mdretrieves content from arbitrary image files. - Boundary markers: None identified. The decoded content is returned or printed without delimiters or 'ignore' instructions.
- Capability inventory: The skill includes file system access for reading and writing images (
PIL.Image.open,qrcode.make_image(...).save). - Sanitization: None identified. The raw bytes from the QR code are decoded as UTF-8 and used directly.
Audit Metadata