pagerduty-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill identifies and references an external MCP server configuration at
https://rube.app/mcp. This is the intended endpoint for the Rube/Composio toolkit used for PagerDuty automation and is documented neutrally as it represents the skill's primary functional dependency. - [PROMPT_INJECTION]: An indirect prompt injection surface is present by design, as the skill processes untrusted external data from PagerDuty incidents.
- Ingestion points: Untrusted data enters the context through tools such as
PAGERDUTY_POST_INCIDENT_NOTE_USING_ID(incident notes),PAGERDUTY_GET_INCIDENT_ALERT_DETAILS(alert descriptions), andPAGERDUTY_CREATE_INCIDENT_RECORD(incident titles). - Boundary markers: No specific boundary markers or 'ignore embedded instructions' warnings are defined in the skill logic for handling external PagerDuty data.
- Capability inventory: The skill possesses extensive management capabilities, including the ability to create and update services, escalation policies, on-call schedules, and teams.
- Sanitization: No explicit sanitization, validation, or escaping of ingested strings is defined in the documentation or tool sequence logic.
Audit Metadata