qveris-official

Fail

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The installation instructions in instruct.md prompt the agent to append the QVERIS_API_KEY to the user's ~/.bashrc (or ~/.zshrc) file to ensure the credential persists across sessions. Modifying shell configuration files is a persistence mechanism.
  • [EXTERNAL_DOWNLOADS]: The instruct.md file contains instructions to fetch the skill definition (SKILL.md) and several implementation scripts (qveris_env.mjs, qveris_client.mjs, qveris_tool.mjs) from https://qveris.ai using curl.
  • [COMMAND_EXECUTION]: The skill documentation defines an invocation strategy (Tier 3) that relies on executing the node CLI tool to run local scripts with user-supplied arguments.
  • [PROMPT_INJECTION]: The skill processes data from an external API (capability discovery and tool output) which could contain malicious instructions designed to influence agent behavior (Indirect Prompt Injection surface).
      • Ingestion points: External data enters the context via the discover and call commands in qveris_tool.mjs.
      • Boundary markers: None present; output is displayed as formatted text or raw JSON.
      • Capability inventory: The environment supports shell command execution (node) and HTTP requests via fetch.
      • Sanitization: Descriptions are truncated for display, but full results are processed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 25, 2026, 12:58 PM