qt-app-interaction
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill describes the use of
qt-ai-dev-tools, a specialized command-line utility for UI automation. All identified functionalities (tree inspection, clicking, typing, and screenshotting) are standard for UI testing and developer environments. - [COMMAND_EXECUTION]: Mentions the use of
vm runfor executing arbitrary system commands such aspytest,systemctl, and app launchers within a virtual machine. This is a legitimate feature for managing a test environment. - [DATA_EXFILTRATION]: Provides instructions for capturing UI screenshots (
screenshot -o /tmp/before.png) and widget tree snapshots (snapshot save before) to the local filesystem for debugging and verification. No network exfiltration or sensitive file access was observed. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it reads text content from third-party application UIs, which could theoretically contain malicious instructions.
- Ingestion points: Widget names, labels, and text properties are retrieved from applications via the
tree,find,text, andstatecommands. - Boundary markers: None are defined in the instructions for isolating UI content.
- Capability inventory: The agent can perform UI interactions (click, type, key) and execute shell commands (
vm run). - Sanitization: No sanitization or filtering of the text data ingested via the AT-SPI accessibility bus is described.
Audit Metadata