amplitude-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [External Downloads] (LOW): The skill references 'https://rube.app/mcp' and 'composio.dev' for its core functionality. These domains are not included in the trusted source whitelist.
- [Remote Code Execution] (LOW): The integration requires registering an external MCP server, which executes remote logic. As this is the intended purpose of the skill, the severity is low, but the source remains untrusted.
- [Prompt Injection] (LOW): The skill exhibits an indirect prompt injection surface (Category 8). 1. Ingestion points: User-provided event names, properties, and IDs in 'AMPLITUDE_SEND_EVENTS' and 'AMPLITUDE_IDENTIFY'. 2. Boundary markers: None present. 3. Capability inventory: Ability to transmit data to external Amplitude APIs. 4. Sanitization: No input validation or filtering is specified in the skill instructions.
Audit Metadata