dropbox-automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted data from an external storage service.
- Ingestion points: Data enters the agent's context through tools like
DROPBOX_READ_FILE(reading file content) andDROPBOX_SEARCH_FILE_OR_FOLDER(processing search results). - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to prevent the model from executing commands found within the retrieved files.
- Capability inventory: The skill possesses capabilities that could be abused if an injection is successful, including file modification (
DROPBOX_UPLOAD_FILE), deletion (DROPBOX_DELETE_FILE_OR_FOLDER), and the creation of public sharing links (DROPBOX_CREATE_SHARED_LINK). - Sanitization: No validation or sanitization logic is defined for the external content before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill requires the configuration of an external MCP server endpoint (
https://rube.app/mcp) to provide the necessary tool definitions.
Audit Metadata