qr-code-generator

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
Categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface. The skill processes untrusted data from URLs and CSV files, which is then rendered into output files.
      1. Ingestion points: CSV data in scripts/batch_generate.py and URL/caption strings in scripts/generate_qr.py.
      2. Boundary markers: Absent.
      3. Capability inventory: File writing (PNG/SVG) and subprocess execution of local scripts.
      4. Sanitization: Includes URL validation and XML escaping for SVG content, which mitigates common injection risks.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill depends on standard, reputable Python packages qrcode and pillow as listed in scripts/requirements.txt.
  • [COMMAND_EXECUTION] (SAFE): scripts/batch_generate.py executes the local generate_qr.py script using a list-based argument structure with subprocess.check_call, effectively preventing shell injection vulnerabilities.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 19, 2026, 03:52 PM