duvo-cli
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@duvoai/clipackage from NPM. This is a vendor-provided tool necessary for the skill's primary function of interacting with the Duvo platform. - [COMMAND_EXECUTION]: The skill utilizes the
duvoCLI binary and its subcommands to manage agent resources. It features an 'api escape hatch' (duvo api) that allows the agent to execute arbitrary HTTP requests to the vendor's public API endpoints. - [DATA_EXFILTRATION]: The CLI provides mechanisms to read local file content and upload it to the vendor's infrastructure at
api.duvo.ai(e.g., viaduvo sandboxes uploador the@filesyntax induvo api). While functional for staging agent data, these capabilities could be exploited to exfiltrate sensitive files from the local environment if prompted maliciously. - [PROMPT_INJECTION]: The skill retrieves and displays data from the Duvo API and uploaded files, which may contain malicious instructions designed to manipulate the agent's behavior (Indirect Prompt Injection).
- Ingestion points: Data enters the agent's context through commands like
duvo runs messages,duvo cases get, andduvo files content. - Boundary markers: No specific delimiters or warnings to ignore embedded instructions were identified in the retrieval process.
- Capability inventory: The skill has access to network operations (
duvo api), file writing (duvo files content-set), and destructive platform actions (duvo agents delete,duvo runs stop). - Sanitization: There is no evidence of sanitization or validation of the content retrieved from external API responses or file reads.
Audit Metadata