qmd
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes dynamic context injection to execute a 'qmd status' command when loaded. This is a diagnostic check to verify tool installation and does not pose a security risk.
- [EXTERNAL_DOWNLOADS]: The skill depends on the '@tobilu/qmd' npm package, which is the legitimate software required for the skill's markdown search functionality.
- [COMMAND_EXECUTION]: The skill uses the 'qmd' CLI via Bash to perform searches and retrieve document content from the user's local filesystem.
- [PROMPT_INJECTION]: The skill processes content from local markdown files, which is a standard surface for indirect prompt injection. This risk is inherent to the skill's primary purpose of searching and reading documentation.
  - Ingestion points: Data is ingested from markdown files using the 'qmd query', 'qmd get', and 'qmd multi_get' tools.
  - Boundary markers: None. The skill does not wrap searched content in delimiters or include instructions for the agent to ignore embedded commands.
  - Capability inventory: The skill possesses the capability to execute 'qmd' commands via the Bash tool.
  - Sanitization: None. The skill presents retrieved file content to the agent without sanitization or validation.