alva
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill checks for updates by querying the official GitHub repository for the alva-ai organization. It also directs the user to install necessary tools via npm from the primary registry. Both sources are trusted.
- [COMMAND_EXECUTION]: Shell scripts are utilized for version management and state tracking. The skill also makes extensive use of CLI tools to interface with the Alva platform for deploying data feeds and managing cloud-side analytics.
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by ingesting unstructured financial news and social media content. This risk is mitigated by a mandatory grounding process that requires the AI agent to verify all cited numbers and claims against verified source data.
Audit Metadata