Skills
skills/aaaaqwq/agi-super-team/docusign-automation/Gen Agent Trust Hub

docusign-automation

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFEPROMPT_INJECTIONNO_CODEEXTERNAL_DOWNLOADS
Full Analysis
  • [NO_CODE]: The skill does not contain any executable scripts or code files. It is a set of instructions for using an external MCP server.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to connect to an external MCP server at https://rube.app/mcp. This serves as the remote source for tool definitions and execution logic.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its interaction with external DocuSign data.
  • Ingestion points: Untrusted data enters the context via DOCUSIGN_LIST_ALL_TEMPLATES, DOCUSIGN_GET_TEMPLATE, and DOCUSIGN_GET_ENVELOPE in SKILL.md.
  • Boundary markers: There are no boundary markers or instructions provided to the agent to distinguish between its own instructions and content found within DocuSign templates or envelopes.
  • Capability inventory: The skill has the capability to send envelopes and manage connections via DOCUSIGN_SEND_ENVELOPE and RUBE_MANAGE_CONNECTIONS in SKILL.md.
  • Sanitization: No evidence of input sanitization or validation of the content retrieved from DocuSign is present.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 06:59 AM