qveris
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits search queries and tool execution parameters to an external API (qveris.ai). This is the intended behavior for tool discovery and execution but involves sharing information with a third-party provider.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates data from a remote API into the agent's context.
  1. Ingestion points: External content enters the agent's context through the QVeris API responses in scripts/qveris_tool.py.
  2. Boundary markers: The script does not utilize any delimiters or markers to separate the remote tool output from the core system instructions.
  3. Capability inventory: The script possesses network access capabilities via the httpx library.
  4. Sanitization: No sanitization, validation, or filtering is performed on the data returned from the remote service before it is displayed to the agent.
Audit Metadata