qzcli

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the qzcli_tool from a third-party GitHub repository (github.com/tianyilt/qzcli_tool) that is not recognized as a trusted vendor in the current context.
  • [CREDENTIALS_UNSAFE]: The skill provides examples of passing sensitive passwords directly as command-line arguments (e.g., qzcli login -u ... -p '...'), which can expose credentials in shell history logs or system process listings.
  • [CREDENTIALS_UNSAFE]: The tool manages authentication credentials in local configuration files (~/.qzcli/.env and config.json).
  • [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary commands on the remote compute platform via the qzcli create --command flag, controlled by the agent.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and displays potentially untrusted metadata from the Qizhi platform.
    • Ingestion points: qzcli res -u (fetches workspace and resource names) and qzcli ls (fetches job details).
    • Boundary markers: None present to separate platform data from instructions.
    • Capability inventory: Bash(*) tool access and filesystem Write access.
    • Sanitization: No explicit sanitization of strings retrieved from the platform is mentioned.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 19, 2026, 03:14 AM