aiq-research
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a local Python helper script, `scripts/aiq.py`, to interact with the research backend. This script is executed via the `Bash` tool to perform tasks like health checks, job submission, and polling. Analysis of the script shows it relies exclusively on Python's standard library modules (e.g., `urllib`, `json`, `re`) and does not perform any dangerous system operations or privilege escalation.
- [EXTERNAL_DOWNLOADS]: The skill connects to a user-configurable backend server defined by the `AIQ_SERVER_URL` environment variable (defaulting to `http://localhost:8000`). The helper script validates these URLs to ensure they use proper protocols (HTTP/HTTPS), do not contain embedded credentials, and require HTTPS for non-local addresses. These network operations are intrinsic to the skill's primary function of retrieving research data.
- [DATA_EXFILTRATION]: User queries are transmitted to the configured AI-Q server for processing. To mitigate the risk of unauthorized data exposure, the skill instructions explicitly mandate that the agent must disclose the target URL and obtain user confirmation before sending any data to a non-local backend. The script does not access sensitive local files or credentials.
Audit Metadata