Skills
skills/psylch/quark-search-skill/quark-search/Gen Agent Trust Hub

quark-search

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill constructs shell commands by interpolating variables like kw (search keyword) and pwd_id (resource ID) directly into curl command strings (Steps 1, 2, and 5). Since these variables are sourced from user input or untrusted third-party API results (PanSou) and are not shell-escaped or quoted, a malicious input or API response could include shell metacharacters (e.g., &, ;, $()) to execute arbitrary commands on the host machine.\n- REMOTE_CODE_EXECUTION (HIGH): The skill pipes output from a local application service (localhost:9128) directly to python3. While the command specifically uses -m json.tool for formatting, an automated scanner flagged this as a remote code execution pattern. If an attacker can influence the local service's output, they could potentially exploit the shell interaction or the interpreter.\n- EXTERNAL_DOWNLOADS (MEDIUM): The skill interacts with s.panhunt.com, an unverified third-party search aggregator, and drive-pc.quark.cn. It relies on these external sources to provide data that controls subsequent local execution parameters and user-facing links.\n- DATA_EXFILTRATION (LOW): The skill accesses local application status (isLogin) and cloud drive metadata. While used for legitimate functionality, this information exposure is a prerequisite for more advanced attacks, and the local service at port 9128 is accessed without authentication.\n- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).\n
  • Ingestion points: Search results from the PanSou API (s.panhunt.com) in Step 1.\n
  • Boundary markers: Absent; the agent is instructed to directly parse and act upon data from external JSON responses.\n
  • Capability inventory: Execution of curl and open (browser) commands via shell, and interaction with a local unauthenticated service.\n
  • Sanitization: Absent; the skill suggests using strict=False when parsing JSON from the external API, which reduces the agent's ability to detect malformed or malicious payload structures.
Recommendations
  • HIGH: Downloads and executes remote code from: http://localhost:9128/desktop_info - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 20, 2026, 03:11 AM