qveris-official

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required discover/call workflow (see SKILL.md and scripts/qveris_tool.mjs + scripts/qveris_client.mjs) explicitly supports discovering and invoking web-extraction/web-scraping and social/news APIs via QVeris and returns arbitrary third‑party content (including full_content_file_url) that the agent is expected to read and can influence subsequent tool selection and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill downloads and runs code and relies on live tool definitions from https://qveris.ai (e.g., curl https://qveris.ai/skills/qveris-official/scripts/qveris_tool.mjs and runtime API calls to https://qveris.ai/api/v1), so external content is fetched at install/runtime and directly controls tool discovery/calls and executes code.