amplitude-automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the way it handles external data.
- Ingestion points: The skill retrieves potentially untrusted data from Amplitude through tools like
AMPLITUDE_GET_USER_ACTIVITY,AMPLITUDE_FIND_USER, andAMPLITUDE_GET_COHORTas described inSKILL.md. - Boundary markers: There are no instructions to use delimiters or security markers to differentiate ingested data from system instructions.
- Capability inventory: The agent has the ability to perform write operations, including
AMPLITUDE_SEND_EVENTS,AMPLITUDE_IDENTIFY, andAMPLITUDE_UPDATE_COHORT_MEMBERSHIP. - Sanitization: The skill instructions do not specify any sanitization, validation, or escaping of the content retrieved from Amplitude before it is processed.
- [EXTERNAL_DOWNLOADS]: The setup instructions require the addition of an external third-party MCP server located at
https://rube.app/mcp, which is outside the list of trusted vendors.
Audit Metadata