qzcli

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads and installs its core logic from a third-party GitHub repository (https://github.com/tianyilt/qzcli_tool).
  • [COMMAND_EXECUTION]: The skill requires the use of the Bash(*) tool to perform environment setup, job submission, and interactions with the Qizhi platform.
  • [CREDENTIALS_UNSAFE]: The skill manages authentication credentials, including usernames and passwords, by storing them in local environment files (~/.qzcli/.env) and configuration files (~/.qzcli/config.json).
  • [PROMPT_INJECTION]: The skill processes job statuses, resource names, and workspace details from the external Qizhi platform, creating a surface for potential indirect prompt injection attacks.
  • Ingestion points: Data from the shared platform is ingested via commands such as qzcli ls, qzcli status, and qzcli res.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are included in the prompt templates.
  • Capability inventory: The agent has extensive capabilities, including full shell access (Bash(*)) and file operations (Read, Write).
  • Sanitization: There is no evidence of validation or sanitization of data retrieved from the remote platform before it is presented to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 06:40 AM