quinn-admin
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses established vendor-specific tools for its intended purpose. No patterns of credential theft, obfuscation, or malicious redirection were found within the instructions or code snippets.
- [EXTERNAL_DOWNLOADS]: References and utilizes official packages including @totoday/quinn-cli and @totoday/quinn-sdk. These are recognized as trusted vendor resources based on the skill author context.
- [COMMAND_EXECUTION]: The skill provides standard command-line instructions for npx-based CLI interaction and Node.js SDK usage to manage organizational data.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes organizational data that could be influenced by external actors. 1. Ingestion points: Member, role, and competency data fetched via @totoday/quinn-sdk in SKILL.md. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded content are present. 3. Capability inventory: Includes administrative write operations such as updatePrivilege, updateManager, and updateRoles as described in SKILL.md. 4. Sanitization: No explicit data sanitization or validation logic is defined.
Audit Metadata