review-llm-annotations-and-improve-prompt

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs various administrative actions using the coval CLI, including metrics update and review-annotations update. These operations are central to the skill's purpose and are protected by a requirement for explicit user confirmation before execution.
  • [DATA_EXFILTRATION]: The skill retrieves the COVAL_API_KEY from the local CLI configuration or environment variables to authenticate requests to the vendor's API. This is a legitimate use of credentials for authorized data retrieval from the official platform.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to api.coval.dev using curl to fetch extended metric information. This targets the vendor's official infrastructure and is consistent with the skill's operational requirements.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from simulation transcripts and reviewer notes.
      • Ingestion points: Transcript arrays and reviewer_notes fields are fetched in Phase 1, Step 2.
      • Boundary markers: No specific delimiters or instructions are used to isolate these inputs from the analysis prompt.
      • Capability inventory: The skill can execute shell commands to update metric prompts (coval metrics update) and modify human labels (coval review-annotations update).
      • Sanitization: No sanitization or filtering of the transcript or notes content is described before they are analyzed by the LLM.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 9, 2026, 11:45 AM