setup-agent

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the coval CLI tool to perform agent management tasks, including identity verification, listing existing agents, creating new ones, and updating their configurations with prompts and metrics.
  • [EXTERNAL_DOWNLOADS]: The instructions direct users to official Coval domains (coval.dev and app.coval.dev) for account creation, API key management, and dashboard access. These resources are official vendor sites.
  • [PROMPT_INJECTION]: The skill processes user-supplied data such as agent names, system prompts, and URLs, which are used as arguments in shell commands for the coval CLI. This creates an attack surface for indirect prompt injection or command injection.
    * Ingestion points: User input collected for agent name, endpoint URLs, phone numbers, system prompts, and resource IDs in SKILL.md, as well as existing agent data fetched via 'coval agents list'.
    * Boundary markers: There are no explicit instructions for the agent to use delimiters or shell-escaping when constructing commands with user-supplied input.
    * Capability inventory: The skill uses shell execution via the coval CLI across multiple steps in SKILL.md to create and update agent configurations.
    * Sanitization: While the skill suggests validation for phone number formats and URL schemes, it does not specify sanitization or escaping for free-text inputs like agent names or system prompts before they are interpolated into shell commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 07:05 PM
Security Audit — agent-trust-hub — setup-agent