composio
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- PROMPT_INJECTION (SAFE): No patterns of prompt injection, jailbreak attempts, or instructions to ignore system safety guidelines were detected. The content is purely instructional and technical.
- DATA_EXFILTRATION (SAFE): The skill does not attempt to exfiltrate data. Conversely, it provides explicit guidance in `rules/app-modifiers.md` and `rules/app-user-context.md` on how to filter sensitive data (e.g., tokens, passwords) from tool outputs and prevent unauthorized access to user-specific connected accounts.
- CREDENTIALS_UNSAFE (SAFE): While the skill demonstrates how to manage API keys and OAuth credentials, it uses generic placeholders like `your-api-key` and `your_client_secret`. No actual secrets are hardcoded.
- REMOTE_CODE_EXECUTION (SAFE): The skill references legitimate packages from established registries (NPM and PyPI). It does not contain patterns for executing arbitrary code from untrusted remote sources or piped shell commands.
- DYNAMIC_EXECUTION (SAFE): The skill describes a framework for creating custom tools (`rules/app-custom-tools.md`) and using execution hooks (`rules/app-modifiers.md`). These are standard extensibility features of the SDK intended for use by the application developer, and no patterns of executing untrusted or dynamically assembled code were found.
- INDIRECT_PROMPT_INJECTION (LOW): The skill defines a surface for processing external data via webhooks in `rules/triggers-webhook.md`. However, it provides robust remediation guidance, including mandatory HMAC signature verification and payload validation to mitigate risks from malicious external data.