Skills
skills/aaaaqwq/agi-super-skills/docusign-automation/Gen Agent Trust Hub

docusign-automation

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by ingesting external data while maintaining the ability to perform sensitive actions.
  • Ingestion points: Untrusted data enters the agent context via DOCUSIGN_LIST_ALL_TEMPLATES, DOCUSIGN_GET_TEMPLATE, and DOCUSIGN_GET_ENVELOPE (as documented in SKILL.md).
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the workflows.
  • Capability inventory: The skill possesses capabilities to modify state, such as DOCUSIGN_CREATE_ENVELOPE_FROM_TEMPLATE, DOCUSIGN_ADD_TEMPLATES_TO_DOCUMENT_IN_ENVELOPE, and DOCUSIGN_SEND_ENVELOPE.
  • Sanitization: The skill does not describe any sanitization or validation processes for the data retrieved from DocuSign.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to configure the Rube MCP server using the endpoint https://rube.app/mcp, which is a well-known service domain for tool integration.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 07:55 AM