breezy-hr-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of markdown documentation. No scripts (Python, JavaScript, Shell) or binaries are included in the package.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references the Rube MCP endpoint (
https://rube.app/mcp) and Composio documentation. These are standard configuration references for the intended functionality and do not involve automated or hidden downloads of untrusted code. - [DATA_EXFILTRATION] (SAFE): No patterns of credential harvesting or unauthorized data transmission were detected. Authentication is handled via the documented
RUBE_MANAGE_CONNECTIONStool pattern which redirects users to an official OAuth/auth flow. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to process data from an external HR system (Breezy HR).
- Ingestion points: Breezy HR candidate data and job descriptions retrieved via tool outputs.
- Boundary markers: Absent; the instructions do not specify the use of delimiters for external data.
- Capability inventory: Uses
RUBE_MULTI_EXECUTE_TOOLwhich can perform write actions in the HR system. - Sanitization: Not explicitly documented.
- Assessment: While an attack surface exists if an attacker places malicious instructions in a job application, the risk is inherent to the HR automation use case and handled by the underlying LLM's safety filters.
Audit Metadata