geoapify-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires the user to add an external MCP server endpoint (
https://rube.app/mcp). This domain is not on the trusted organizations list. While necessary for the skill's primary function, it represents a dependency on an unverified third-party service.\n- [PROMPT_INJECTION] (LOW): The skill possesses an Indirect Prompt Injection surface (Category 8) by design.\n - Ingestion points: Untrusted data is ingested via
RUBE_SEARCH_TOOLS, which returns tool slugs, input schemas, and execution plans.\n - Boundary markers: Absent; the agent is instructed to use the returned schemas directly without validation or delimiters.\n
- Capability inventory: The skill has the capability to execute state-changing operations via
RUBE_MULTI_EXECUTE_TOOLand bulk operations throughRUBE_REMOTE_WORKBENCH.\n - Sanitization: No evidence of sanitization or schema verification is present in the skill instructions.\n- [REMOTE_CODE_EXECUTION] (LOW): The skill uses
RUBE_REMOTE_WORKBENCHandrun_composio_tool(), which are wrappers for executing remote capabilities defined by the external MCP provider. This allows the remote service to influence the agent's executable actions.
Audit Metadata