coda-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to process data from external Coda documents, which serves as a vector for indirect prompt injection.
  - Ingestion points: Data is ingested through tools like CODA_LIST_TABLE_ROWS, CODA_SEARCH_ROW, CODA_GET_A_ROW, and CODA_GET_A_PAGE.
  - Boundary markers: Absent. The instructions do not provide delimiters or system instructions to ignore potential commands embedded within document content.
  - Capability inventory: The skill has high-impact capabilities, including CODA_ADD_PERMISSION (access control management), CODA_PUBLISH_DOC (making data public), and CODA_UPSERT_ROWS (modifying document data).
  - Sanitization: Absent. There is no mention of sanitizing or validating the content retrieved from Coda before processing.
- External Service Dependency (SAFE): The skill requires the user to add https://rube.app/mcp as an MCP server. While this is a third-party service (Composio), it is the primary infrastructure for the skill and no malicious behavior was detected in the configuration instructions.
Audit Metadata