qveris-official

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and README explicitly instruct agents to query the QVeris API (scripts/qveris_tool.mjs calls https://qveris.ai/api/v1) which aggregates and returns data from open/public sources including web search, news, and social media, and those results are read and used by the agent to select and execute tools—exposing it to untrusted third‑party content that can influence decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill makes runtime calls to the QVeris API at https://qveris.ai/api/v1 (see scripts/qveris_tool.mjs), requires a QVERIS_API_KEY, and uses that API both to fetch tool definitions that guide agent behavior and to invoke/execute remote tools, so external content at that URL can directly control agent actions and trigger remote executions.