benchmark-email-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill references an external MCP server endpoint at https://rube.app/mcp. This domain is not included in the pre-approved trusted source list; however, the severity is downgraded as this connection is the primary purpose of the skill.
- PROMPT_INJECTION (LOW): This skill exhibits an indirect prompt injection vulnerability surface. 1. Ingestion points: Data is ingested into the agent context via responses from Benchmark Email tools (e.g., list data, campaign content). 2. Boundary markers: No delimiters or specific ignore-instructions are used to isolate untrusted external content. 3. Capability inventory: The agent has access to powerful execution tools including RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH. 4. Sanitization: There are no instructions for sanitizing or validating external content before processing.
Audit Metadata