aiq-research

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses a helper script (scripts/aiq.py) written in Python that depends only on standard library modules (urllib.request, json, etc.), avoiding third-party supply chain risks.
  • [SAFE]: The helper script includes robust input validation, using regular expressions to verify job IDs and agent types, and path validation to prevent API path traversal or malformed requests.
  • [SAFE]: Security controls for network operations are present; the script enforces the use of HTTPS for any non-localhost backend URLs and explicitly forbids embedded credentials (username/password) within the server URL.
  • [SAFE]: The instructions in SKILL.md mandate that the agent must disclose and confirm the target backend URL with the user before transmitting any query text, particularly for non-local endpoints.
  • [SAFE]: No evidence of prompt injection, persistence mechanisms, privilege escalation, or obfuscation was found in any of the analyzed files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:34 PM
Security Audit — agent-trust-hub — aiq-research