google-cloud-vision-automation
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies (LOW): The skill instructions require the user to add an external MCP server endpoint (https://rube.app/mcp). This domain is not on the list of trusted external sources. While this is central to the skill's purpose for interacting with Composio, it establishes a dependency on third-party infrastructure that controls the tools available to the agent.
- Indirect Prompt Injection (LOW): The skill is designed to ingest and act upon data from an external source through a dynamic discovery mechanism.
  - Ingestion points: Data enters the context via the RUBE_SEARCH_TOOLS response, which provides tool schemas and execution plans.
  - Boundary markers: Absent. The skill does not define delimiters or provide instructions to the agent to ignore potentially malicious content within the discovered schemas.
  - Capability inventory: The skill has access to high-privilege operations including RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (which supports run_composio_tool()).
  - Sanitization: Absent. There is no evidence of validation or sanitization of the tool arguments or schemas returned by the remote server before they are used in execution.