coda-automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the user to add https://rube.app/mcp as an MCP server. This is a remote endpoint that provides the necessary tools for Coda interaction.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves potentially untrusted data from Coda and possesses tools for sensitive operations like adding permissions or publishing docs. * Ingestion points: SKILL.md (CODA_LIST_TABLE_ROWS, CODA_GET_A_PAGE, CODA_SEARCH_ROW, CODA_GET_A_ROW). * Boundary markers: No delimiters or warnings are specified in the prompt instructions. * Capability inventory: SKILL.md (CODA_UPSERT_ROWS, CODA_PUSH_A_BUTTON, CODA_ADD_PERMISSION, CODA_PUBLISH_DOC). * Sanitization: No explicit validation or filtering of ingested Coda content is described.
Audit Metadata