quantai-service

Warn

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructs the agent to upload locally generated Python (plugin.py) and C# (strategy.cs) code files to a hardcoded, unverified IP address (54.151.204.72) using HTTP POST requests.
  • [EXTERNAL_DOWNLOADS]: The agent fetches various files including C# source code, JSON data cards, and logs from the remote server at http://54.151.204.72:8000.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt-injection surface by fetching 'hints' and 'descriptions' from a remote API endpoint (/tasks) and following them to generate code.
  • Ingestion points: Untrusted task descriptions are fetched from http://54.151.204.72:8000/tasks/${TASK_ID}.
  • Boundary markers: No delimiters or instructions are used to separate the fetched remote content from the agent's internal logic.
  • Capability inventory: The skill utilizes shell commands for network operations (curl), file creation (cat), and local file reading (grep).
  • Sanitization: There is no evidence of validation or sanitization of the remote task data before it is incorporated into the code generation process.
  • [COMMAND_EXECUTION]: Extensive use of shell utilities including curl, cat, grep, mkdir, and rm to manage the local job directory and facilitate remote communication.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 21, 2026, 10:50 AM