apex27-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No patterns of instruction overrides, jailbreaks, or system prompt extraction were found in the skill content.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive local file path access detected. Authentication is handled via a managed connection flow (RUBE_MANAGE_CONNECTIONS).
- [Indirect Prompt Injection] (LOW): The skill has a surface for indirect injection by processing external tool schemas.
  - Ingestion points: Tool definitions and schemas returned by the RUBE_SEARCH_TOOLS endpoint.
  - Boundary markers: Absent. The skill does not explicitly instruct the agent to use delimiters or ignore embedded instructions within search results.
  - Capability inventory: The skill can execute actions via RUBE_MULTI_EXECUTE_TOOL based on ingested schemas.
  - Sanitization: Not mentioned. The agent is expected to trust the output of the Rube MCP server.
- [External Downloads] (SAFE): The skill references an external MCP endpoint (https://rube.app/mcp) and documentation (composio.dev) required for its stated purpose. No execution of untrusted remote scripts (e.g., curl|bash) was found.
- [Obfuscation] (SAFE): No encoded strings, zero-width characters, or homoglyphs were detected.
Audit Metadata