qveris-cli
Fail
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The recommended installation method involves fetching a shell script from 'https://qveris.ai/cli/install' and piping it directly to bash. This pattern executes remote code on the host system to install the tool.
- [EXTERNAL_DOWNLOADS]: The skill directs the user to download software from the vendor's website ('qveris.ai') and the npm registry ('@qverisai/cli').
- [COMMAND_EXECUTION]: The skill operates by executing shell commands, specifically the 'qveris' CLI tool and package managers 'npm' and 'npx' for installation and operation.
- [PROMPT_INJECTION]: The skill processes data from third-party APIs via the 'qveris call' command, creating a surface for indirect prompt injection.
- Ingestion points: Output from 'qveris call' and 'qveris discover' (SKILL.md).
- Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the skill.
- Capability inventory: The skill can execute CLI commands and interact with the network (SKILL.md, README.md).
- Sanitization: There is no evidence of sanitization for API outputs before processing.
Recommendations
- HIGH: Downloads and executes remote code from: https://qveris.ai/cli/install - DO NOT USE without thorough review
Audit Metadata