onboard

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to download and install the coval CLI from official vendor repositories on GitHub, as well as via Homebrew and Cargo.
  • [COMMAND_EXECUTION]: The skill performs extensive command-line operations using the coval tool to automate the creation of agents, personas, test sets, and metrics.
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect command injection where untrusted data is processed and used in shell commands.
    • Ingestion points: User-supplied values for agent names, endpoint URLs, phone numbers, and custom requirement prompts are collected throughout the onboarding process (Phases 1-5).
    • Boundary markers: Variables are placed inside double quotes in the shell templates (e.g., "<name>"), which is insufficient to prevent all forms of shell injection.
    • Capability inventory: The skill uses the coval CLI to perform network operations and resource creation via multiple subprocess calls.
    • Sanitization: There is no evidence of input validation or sanitization to filter shell metacharacters from user-provided strings before they are executed in the CLI.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 12:43 AM