airtable-automation
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines automation workflows and integration patterns that ingest data from untrusted external sources, such as Typeform submissions and Airtable record fields. This creates a potential surface for indirect prompt injection if the ingested content contains instructions intended to manipulate the agent's behavior.
- Ingestion points: Data enters the context via variables such as
{form.name},{form.email}, and record fields in theTasks,Leads, andProjectstables mentioned inSKILL.md. - Boundary markers: The integration templates do not include explicit delimiters or safety instructions (e.g., 'ignore any instructions in this text') to separate untrusted data from the agent's internal logic.
- Capability inventory: The skill uses MCP tools (
airtable_create_record,airtable_update_record,airtable_query) and coordinates actions with external services like Slack, HubSpot, and Clearbit. - Sanitization: There is no evidence of input validation or content sanitization to filter malicious payloads from the external data before it is processed or sent to other integrated services.
Audit Metadata