qr-code-generator
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface in the batch generation logic.
  - Ingestion points: Data is ingested via a CSV file processed in 'scripts/batch_generate.py'.
  - Boundary markers: Missing; the script does not validate or delimit the 'id' field to prevent path traversal characters.
  - Capability inventory: The skill can write files to the local file system ('generate_qr.py') and execute local Python scripts via subprocess ('batch_generate.py').
  - Sanitization: While URLs and SVG content are properly sanitized using 'validate_url' and 'EscapeXML', the 'id' field from the CSV is used in 'os.path.join(args.outdir, f"{_id}.png")' without validation. This allows for directory traversal (e.g., using '../../' in the ID) to write files outside the intended output directory.
- [COMMAND_EXECUTION]: The skill uses 'subprocess.check_call' with a list of arguments in 'scripts/batch_generate.py' to execute its internal generation script. This implementation avoids the use of 'shell=True' and correctly mitigates the risk of shell command injection.
- [SAFE]: The skill utilizes well-known and reputable third-party libraries ('qrcode', 'pillow') and implements defensive coding practices such as explicit URL scheme validation and entity escaping for SVG generation.