using-quip
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard system utilities (`curl`, `python3`, `sed`) to interact with the Quip REST API and process JSON/HTML data. All shell commands are used for legitimate API orchestration.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill manages authentication via a user-supplied environment variable (`QUIP_ACCESS_TOKEN`). It includes explicit safety instructions to avoid logging or echoing this credential in output, adhering to secret management best practices.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from external Quip documents (via `GET threads/{thread_id}`).
  - Ingestion points: Document HTML content retrieved from `platform.quip.com`.
  - Boundary markers: No specific delimiters or safety warnings are implemented for the ingested content.
  - Capability inventory: The agent can perform network requests and script execution, creating a potential path for data exfiltration if malicious instructions in a document are followed.
  - Sanitization: The skill uses basic regex or Python parsers to strip HTML tags for readability but does not perform security-focused sanitization of the content before presenting it to the agent.
Audit Metadata