quark-download

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script fetches search results from s.panhunt.com and performs resource validation via the official Quark domain drive-pc.quark.cn.
  • [COMMAND_EXECUTION]: The skill operates by executing a local Python script (quark_search.py) to handle API requests and communicate with the local Quark app.
  • [DATA_EXFILTRATION]: The script communicates with a local API service on localhost:9128 to trigger the Quark Desktop application's 'save' and 'info' functions. This is consistent with the skill's stated purpose of local app integration.
  • [INDIRECT_PROMPT_INJECTION]:
      • Ingestion points: Data is ingested from the third-party PanSou API (s.panhunt.com) during search operations in scripts/quark_search.py.
      • Boundary markers: No explicit boundary markers or 'ignore' instructions are used in the markdown when presenting search results (notes/titles) to the user.
      • Capability inventory: The skill has the capability to trigger the local Quark application to open URLs and save resources via localhost:9128.
      • Sanitization: The script implements sanitization for share IDs using a regular expression ([a-zA-Z0-9]{6,32}) before passing data to the local application API, reducing the risk of command injection through the local port.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 7, 2026, 06:42 AM