qveris-official
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it ingests and processes tool metadata and results from the QVeris API tools.
- Ingestion points: Untrusted data enters the agent's context from API responses fetched in scripts/qveris_client.mjs.
- Boundary markers: The skill does not implement specific delimiters or instructions to the agent to ignore potentially malicious content within the tool results.
- Capability inventory: The skill allows network requests to be made to the vendor's API.
- Sanitization: Data is parsed as JSON, but the textual content is not sanitized for natural language instructions.
- [SAFE]: The skill uses the QVERIS_API_KEY environment variable for authentication, which is a standard and secure practice for credential management.
- [SAFE]: Outbound network traffic is limited to the official vendor domain (qveris.ai) via HTTPS.
- [SAFE]: The implementation relies exclusively on built-in Node.js features (fetch, AbortController) and does not require external package installations or runtime script generation.
- [SAFE]: Installation and persistence instructions are transparent and emphasize non-persistent session setup to avoid unauthorized system modifications.