pagerduty-automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires connecting to an external MCP server endpoint at
https://rube.app/mcpto access PagerDuty automation tools. This is the intended delivery mechanism for the skill's functionality.\n- [PROMPT_INJECTION]: The skill processes untrusted data from external PagerDuty records, which creates a potential surface for indirect prompt injection attacks.\n - Ingestion points: Content retrieved from PagerDuty incident lists, alert details, and notes via tools like
PAGERDUTY_FETCH_INCIDENT_LISTandPAGERDUTY_GET_ALERTS_BY_INCIDENT_ID.\n - Boundary markers: The skill does not implement delimiters or instructions to ignore embedded commands within the retrieved PagerDuty data.\n
- Capability inventory: The skill is capable of modifying PagerDuty incidents, services, schedules, and escalation policies, which could be exploited if malicious instructions are followed.\n
- Sanitization: There is no evidence of sanitization or content validation for the data ingested from PagerDuty incidents.
Audit Metadata