Skills
skills/aaaaqwq/claude-code-skills/amplitude-automation/Gen Agent Trust Hub

amplitude-automation

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • Data Exposure & Exfiltration (LOW): The skill is designed to handle sensitive user data, including user IDs, emails, and detailed event histories. While this is the intended purpose of the Amplitude integration, users should be aware that PII is processed and transmitted through the Rube MCP gateway to Amplitude.
  • Unverifiable Dependencies (LOW): The skill requires the configuration of an external MCP server at https://rube.app/mcp. This source is not on the predefined trusted list, representing a dependency on a third-party service provider for tool execution logic.
  • Indirect Prompt Injection (LOW): The skill presents an attack surface for indirect prompt injection as it ingests untrusted data from external sources (Amplitude user activity and cohort lists).
  • Ingestion points: Data returned from AMPLITUDE_GET_USER_ACTIVITY and AMPLITUDE_FIND_USER enters the agent context.
  • Boundary markers: Absent; the skill does not define specific delimiters for processed data.
  • Capability inventory: The agent has state-changing capabilities such as AMPLITUDE_SEND_EVENTS and AMPLITUDE_UPDATE_COHORT_MEMBERSHIP.
  • Sanitization: No explicit sanitization or validation of external content is mentioned in the workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 20, 2026, 03:09 PM