render-automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Flagged categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing data from the Render API that could contain malicious instructions.
- Ingestion points: External data is brought into the agent context via the RENDER_LIST_SERVICES and RENDER_LIST_PROJECTS tools defined in SKILL.md.
- Boundary markers: The instructions do not define delimiters or specific 'ignore instructions' markers for data retrieved from Render.
- Capability inventory: The skill includes the ability to trigger deployments via RENDER_TRIGGER_DEPLOY in SKILL.md, which is a significant side-effect capability.
- Sanitization: There are no provided instructions for sanitizing or filtering API responses before processing.
- [EXTERNAL_DOWNLOADS]: The skill requires connecting to an external MCP server at https://rube.app/mcp, which is a third-party domain not included in the trusted source list.
- [DATA_EXFILTRATION]: Network communication is directed to the non-whitelisted domain rube.app for the purpose of MCP tool interaction.
Audit Metadata