aiq-research
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses a helper script (
scripts/aiq.py) written in Python that depends only on standard library modules (urllib.request,json, etc.), avoiding third-party supply chain risks. - [SAFE]: The helper script includes robust input validation, using regular expressions to verify job IDs and agent types, and path validation to prevent API path traversal or malformed requests.
- [SAFE]: Security controls for network operations are present; the script enforces the use of HTTPS for any non-localhost backend URLs and explicitly forbids embedded credentials (username/password) within the server URL.
- [SAFE]: The instructions in
SKILL.mdmandate that the agent must disclose and confirm the target backend URL with the user before transmitting any query text, particularly for non-local endpoints. - [SAFE]: No evidence of prompt injection, persistence mechanisms, privilege escalation, or obfuscation was found in any of the analyzed files.
Audit Metadata