quark-download
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted text from third-party search results without sufficient isolation.
  - Ingestion points: The scripts/quark_search.py script fetches resource descriptions ('note' field) and file names from the PanSou API (s.panhunt.com) and the Quark cloud share pages.
  - Boundary markers: No explicit delimiters or instructions are provided in SKILL.md to ensure the agent ignores instructions embedded within the search data.
  - Capability inventory: The agent can execute file system operations and network requests via the provided Python script, which interacts with both external APIs and the local system environment.
  - Sanitization: No sanitization or filtering of the search result metadata is performed before it is presented to the agent for processing.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to s.panhunt.com to fetch search results and API health configuration. While this is the intended functionality, it involves reliance on an unverified third-party aggregation service.
- [COMMAND_EXECUTION]: The skill interacts with the local Quark desktop app API at localhost:9128 to perform 'check' and 'save' operations. This requires the user to have the application running locally and allows the skill to trigger application-specific workflows like opening shares and checking login status.
Audit Metadata