qt-desktop-integration

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the operating system's desktop environment into the agent's context.
      • Ingestion points: External data enters through notify listen (capturing notification summaries and bodies) and tray menu (reading menu item labels) in SKILL.md.
      • Boundary markers: There are no explicit delimiters or warnings to the agent to disregard instructions embedded within the captured notification or menu data.
      • Capability inventory: The skill possesses capabilities that can be triggered based on this data, such as tray select, notify action, and various audio control commands in SKILL.md.
      • Sanitization: The skill lacks mechanisms to sanitize or validate strings retrieved from the D-Bus notification and tray services before they are presented to the LLM.
  • [COMMAND_EXECUTION]: The skill relies on the qt-ai-dev-tools CLI to perform system-level operations. It executes commands for listing and clicking tray items, managing notifications, and controlling PipeWire audio streams (e.g., audio virtual-mic, audio record).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 10:19 PM