skills/nvidia/skills/aiq-research/Gen Agent Trust Hub

aiq-research

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a local Python helper script, scripts/aiq.py, to interact with the research backend. This script is executed via the Bash tool to perform tasks like health checks, job submission, and polling. Analysis of the script shows it relies exclusively on Python's standard library modules (e.g., urllib, json, re) and does not perform any dangerous system operations or privilege escalation.
  • [EXTERNAL_DOWNLOADS]: The skill connects to a user-configurable backend server defined by the AIQ_SERVER_URL environment variable (defaulting to http://localhost:8000). The helper script validates these URLs: it accepts only the HTTP and HTTPS protocols, rejects URLs that contain embedded credentials, and requires HTTPS for non-local addresses. These network operations are intrinsic to the skill's primary function of retrieving research data.
  • [DATA_EXFILTRATION]: User queries are transmitted to the configured AI-Q server for processing. To mitigate the risk of unauthorized data exposure, the skill instructions require the agent to disclose the target URL and obtain user confirmation before sending any data to a non-local backend. The script does not access sensitive local files or credentials.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jul 1, 2026, 08:25 AM