qveris

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly directs the agent to call QVeris MCP search_tools and execute_tool (see qveris-assistant/SKILL.md and qveris-coding/SKILL.md) and to use the CLI fallback scripts/qveris_tool.py which POSTs to https://qveris.ai/api/v1 to retrieve and present results from third-party APIs (web search, news, user-generated sources), so untrusted external content is fetched and used to drive tool selection and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill and CLI explicitly call the QVeris runtime API (base URL https://qveris.ai/api/v1) and the setup runs a remote MCP process (npx @qverisai/mcp), so at runtime this external service is required and can execute discovered tools/commands returned by the API, which directly affects agent behavior and triggers remote execution.