make-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill references an external MCP server endpoint (https://rube.app/mcp). While this domain is not on the trusted list, it is the legitimate provider for the Rube MCP service.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from the Make API.
- Ingestion points: Data enters via the MAKE_GET_OPERATIONS tool which retrieves logs from the Make platform.
- Boundary markers: No specific delimiters or warnings to ignore embedded instructions are provided in the workflows.
- Capability inventory: The agent has capabilities to interact with multiple tools and report data to users.
- Sanitization: There is no evidence of sanitization for the retrieved logs before they are analyzed by the agent.
- REMOTE_CODE_EXECUTION (SAFE): The documentation mentions RUBE_REMOTE_WORKBENCH as an alternative for data transformation, but the skill itself does not provide or execute any remote payloads.
Audit Metadata