qmd
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the user to install a package directly from an untrusted GitHub URL (https://github.com/tobi/qmd) using bun install -g. This source is not on the list of trusted organizations, posing a risk of executing unverified external code.
- REMOTE_CODE_EXECUTION (HIGH): The installation and subsequent execution of the qmd CLI tool allows for the execution of code downloaded from an external, non-verified source.
- COMMAND_EXECUTION (MEDIUM): The skill performs command-line operations (qmd search, vsearch, hybrid) using arguments provided by the user, which presents a surface for command manipulation.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection because it indexes and returns snippets from local markdown vaults (Obsidian). If these files contain malicious instructions, they could influence the agent's behavior. Evidence:
  1. Ingestion: Local markdown files via qmd search.
  2. Boundary markers: Absent.
  3. Capability: CLI execution and file reading via the Read tool.
  4. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata