qveris

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's script (scripts/qveris_tool.py) and SKILL.md explicitly call the public QVeris API (https://qveris.ai/api/v1) to search and execute discovered tools and then read/display tool descriptions, examples and execution results from that third‑party service—content that is untrusted/user-provided and is interpreted to choose and drive subsequent actions, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill makes runtime calls to https://qveris.ai/api/v1 (via POST /search and POST /tools/execute) and requires QVERIS_API_KEY, and the /tools/execute endpoint is used to run remote tools (i.e., execute remote code) that directly control the agent's actions, so this external URL is a required runtime dependency that executes code.