emailoctopus-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of Markdown documentation and YAML configuration. No Python scripts, JavaScript files, or binary executables are included in the skill package.
- [EXTERNAL_DOWNLOADS] (SAFE): The documentation directs users to add a remote MCP server (https://rube.app/mcp). While this is an external third-party service, the skill itself does not perform any automated downloads or background execution of untrusted code.
- [PROMPT_INJECTION] (LOW): The skill documentation creates an indirect prompt injection surface by instructing the agent to dynamically fetch tool schemas and execution plans from the remote
RUBE_SEARCH_TOOLSendpoint. - Ingestion points: Dynamically generated tool schemas and execution plans from the Rube MCP server.
- Boundary markers: Absent; the instructions encourage the agent to follow the returned execution plans directly.
- Capability inventory: Significant capabilities available via
RUBE_MULTI_EXECUTE_TOOL(Emailoctopus API operations). - Sanitization: Not present in the skill instructions; relies on the underlying agent's safety filters.
Audit Metadata