airtable-automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFENO_CODEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill is comprised entirely of YAML configuration and Markdown documentation, with no executable scripts, source code, or binary files included.
- [EXTERNAL_DOWNLOADS]: The skill instructions direct the user to add an external MCP server from https://rube.app/mcp to their client configuration to access the necessary tools.
- [PROMPT_INJECTION]: The skill processes untrusted data from external Airtable records, which introduces a surface for indirect prompt injection. 1. Ingestion points: The skill retrieves data through tools such as AIRTABLE_LIST_RECORDS, AIRTABLE_GET_RECORD, and AIRTABLE_LIST_COMMENTS. 2. Boundary markers: The documentation does not specify the use of delimiters or instructions to ignore potential commands within the data. 3. Capability inventory: The skill provides capabilities to modify external state, including AIRTABLE_CREATE_RECORD, AIRTABLE_UPDATE_RECORD, and AIRTABLE_DELETE_RECORD. 4. Sanitization: No mention of sanitization, escaping, or validation of the retrieved content is provided in the skill documentation.
Audit Metadata