migrate-bluejay
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Employs
curlto perform automated data retrieval from Bluejay and resource creation on Coval as part of the migration workflow. - [DATA_EXFILTRATION]: Performs data transfer between
api.getbluejay.aiandapi.coval.dev. The scope is limited to migration of agents, metrics, and personas between these specific platforms using user-provided API keys. The skill does not communicate with non-essential third-party domains. - [PROMPT_INJECTION]: Identifies an indirect prompt injection surface where text from Bluejay entities is used to construct new resources in Coval.
- Ingestion points: Agent prompts, goals, and persona traits fetched from the Bluejay API in
Step 1andStep 5. - Boundary markers: Absent; Bluejay data is concatenated into JSON payloads for Coval API requests without specific delimiters.
- Capability inventory: The skill performs network operations via
curl. It is also restricted bydisable-model-invocation: trueinSKILL.md, which prevents the agent from being manipulated into unintended actions during the migration process. - Sanitization: Absent; content is migrated verbatim between platforms.
Audit Metadata