Braintree Automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONNO_CODE
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill references and requires a connection to an external MCP server located at
https://rube.app/mcp. This domain is not included in the pre-defined trusted sources list. - PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes external data (customer records) while possessing the capability to execute financial transactions.
- Ingestion points: Customer metadata, descriptions, and search results retrieved via
STRIPE_GET_CUSTOMERS_CUSTOMERandSTRIPE_LIST_CUSTOMERS(File: SKILL.md). - Boundary markers: None identified. No delimiters or instructions are provided to the agent to ignore potentially malicious content within customer data.
- Capability inventory: Powerful financial operations including
STRIPE_CREATE_SUBSCRIPTIONandSTRIPE_ATTACH_PAYMENT_METHOD(File: SKILL.md). - Sanitization: No sanitization or validation of the ingested strings is documented.
- NO_CODE (SAFE): The skill consists entirely of markdown documentation and configuration metadata. No executable scripts (.py, .js, .sh) are provided within the skill package.
Audit Metadata