airtable-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies] (LOW): The skill instructs the user to connect to a third-party MCP server hosted at
https://rube.app/mcp. This domain is not part of the trusted organizations list, making it an unverified external dependency. - [Indirect Prompt Injection] (LOW): The skill defines a workflow that ingests untrusted data from an external source (Airtable), which could contain malicious instructions designed to manipulate the agent's behavior.
- Ingestion points: Data is ingested via
AIRTABLE_LIST_RECORDS,AIRTABLE_GET_RECORD, andAIRTABLE_LIST_COMMENTSfrom theSKILL.mdfile. - Boundary markers: Absent. The skill provides no instructions or delimiters to help the agent distinguish between data and instructions within the records.
- Capability inventory: The skill provides full CRUD capabilities on Airtable bases via
AIRTABLE_CREATE_RECORD,AIRTABLE_UPDATE_RECORD, andAIRTABLE_DELETE_RECORDas seen inSKILL.md. - Sanitization: Absent. There is no evidence of sanitization or validation of the content retrieved from Airtable before it is processed by the agent.
Audit Metadata