qveris
Fail
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches installation scripts for the uv package manager from astral.sh and the QVeris MCP server from the npm registry via npx.
- [REMOTE_CODE_EXECUTION]: Downloads and executes shell scripts from astral.sh using piped shell commands (curl | sh) and PowerShell Invoke-Expression (iex).
- [COMMAND_EXECUTION]: Instructs the agent to modify user shell configuration files (~/.bashrc, ~/.zshrc) and system environment variables (setx) to persist API keys.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection via untrusted data from external APIs.
  - Ingestion points: API results from qveris.ai processed by scripts/qveris_tool.py.
  - Boundary markers: Absent. No instructions are provided to help the agent distinguish between tool results and system instructions.
  - Capability inventory: Network access via httpx and local command execution via uv run.
  - Sanitization: Absent. The skill displays raw API data directly to the user/agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata