basecamp-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the user to add an external MCP server endpoint (
https://rube.app/mcp) to their client configuration. This is the primary mechanism for the skill's functionality. - [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection because it reads and acts upon content from external sources (Basecamp).
- Ingestion points: External data enters the context via tools like
BASECAMP_GET_MESSAGE,BASECAMP_GET_BUCKETS_TODOLISTS_TODOS, andBASECAMP_GET_PEOPLE. - Boundary markers: The skill does not provide instructions for the agent to use delimiters or ignore instructions within the ingested content.
- Capability inventory: The skill has the capability to modify project access (
BASECAMP_PUT_PROJECTS_PEOPLE_USERS), post messages, and create tasks. - Sanitization: There is no mention of sanitizing or validating the content retrieved from Basecamp before processing.
- [NO_CODE]: The skill consists entirely of markdown instructions and does not include any scripts, executables, or configuration files other than the metadata.
Audit Metadata