square-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data from Square payments, orders, and invoices that could contain malicious instructions targeting the AI agent.
- Ingestion points: Untrusted data enters the agent context through tools like `SQUARE_LIST_PAYMENTS`, `SQUARE_SEARCH_ORDERS`, and `SQUARE_LIST_INVOICES`.
- Boundary markers: The skill lacks explicit instructions or delimiters to ensure the agent ignores potential commands embedded within retrieved data fields.
- Capability inventory: The agent possesses significant capabilities including the ability to cancel payments, update orders, and cancel invoices.
- Sanitization: No sanitization or validation of the retrieved Square data is described in the skill.
- [EXTERNAL_DOWNLOADS]: The skill requires the user to connect to an external, third-party MCP server endpoint at `https://rube.app/mcp` for its operation.