quark-download-skill
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill instructions direct the agent to execute shell commands using
python3where user-controlled strings, such asKEYWORDandPWD_ID, are interpolated directly into the command line. If the agent does not strictly sanitize these inputs, it could lead to command injection. - PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from an external API. 1. Ingestion points: Metadata, titles, and notes for cloud resources are ingested from the PanSou aggregation API. 2. Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded instructions when the agent parses the API's JSON response. 3. Capability inventory: The skill can execute local scripts and interact with the Quark desktop application. 4. Sanitization: Absent; the skill does not describe any validation or filtering of the external API content before presenting it to the user or using it in subsequent commands.
- EXTERNAL_DOWNLOADS (LOW): The skill makes network requests to the PanSou API and communicates with a local service on
localhost:9128. While these actions are part of the skill's intended functionality, interacting with third-party search aggregators involves processing unverified data.
Audit Metadata