qveris-cli

Fail

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The recommended installation method involves fetching a shell script from 'https://qveris.ai/cli/install' and piping it directly to bash. This pattern executes remote code on the host system to install the tool.
  • [EXTERNAL_DOWNLOADS]: The skill directs the user to download software from the vendor's website ('qveris.ai') and the npm registry ('@qverisai/cli').
  • [COMMAND_EXECUTION]: The skill operates by executing shell commands, specifically the 'qveris' CLI tool and package managers 'npm' and 'npx' for installation and operation.
  • [PROMPT_INJECTION]: The skill processes data from third-party APIs via the 'qveris call' command, creating a surface for indirect prompt injection.
  • Ingestion points: Output from 'qveris call' and 'qveris discover' (SKILL.md).
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the skill.
  • Capability inventory: The skill can execute CLI commands and interact with the network (SKILL.md, README.md).
  • Sanitization: There is no evidence of sanitization for API outputs before processing.
Recommendations
  • HIGH: Downloads and executes remote code from: https://qveris.ai/cli/install - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 20, 2026, 06:15 AM
Security Audit — agent-trust-hub — qveris-cli