Skills
skills/theqtcompanyrnd/agent-skills/qt-qml-docs/Gen Agent Trust Hub

qt-qml-docs

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use shell commands like ls or the Glob tool to check for existing documentation in the doc/ directory. This is used solely for project state discovery and user confirmation before overwriting files.
  • [PROMPT_INJECTION]: The skill processes untrusted external data (QML source code, C++ headers, and build files), creating a surface for indirect prompt injection if those files contain malicious instructions.
  • Ingestion points: Source files including .qml, .h, CMakeLists.txt, and qmldir are read as primary inputs in SKILL.md and platform variants.
  • Boundary markers: The platform-specific variants (platforms/copilot.prompt.md, platforms/windsurf.md) contain explicit instructions to treat source content as technical material and ignore any instructions found within them. The main SKILL.md relies on the task description but lacks explicit markers.
  • Capability inventory: The skill possesses file-read access, file-write access (to the doc/ subdirectory), and limited shell command execution for file listing.
  • Sanitization: No explicit sanitization or escaping of the source content is mentioned before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 02:06 PM