givebutter-automation
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires the user to connect to an external MCP server at
https://rube.app/mcp. As this source is not part of the trusted organization list, it represents an unverifiable external dependency. - [PROMPT_INJECTION] (LOW): The skill utilizes a dynamic tool discovery and execution workflow (Category 8 surface). It ingests schemas and instructions from an external source to determine its execution plan. \n- Evidence Chain: \n
- Ingestion points: Tool metadata and schemas are fetched at runtime via
RUBE_SEARCH_TOOLS. \n - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the search patterns. \n
- Capability inventory: The skill can execute various Givebutter API operations, including data modification and retrieval, via
RUBE_MULTI_EXECUTE_TOOL. \n - Sanitization: There is no evidence of input validation or sanitization for the data received from the external MCP server.
Audit Metadata