influxdb-cloud-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires adding an external MCP server (
https://rube.app/mcp). While standard for the Composio/Rube ecosystem, this endpoint is not on the pre-approved trusted source list and serves as the primary controller for tool definitions. - [PROMPT_INJECTION] (LOW): Potential for Indirect Prompt Injection (Category 8).
- Ingestion points: Tool schemas, input arguments, and recommended execution plans are dynamically retrieved from the
RUBE_SEARCH_TOOLSendpoint. - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are implemented for the external tool metadata.
- Capability inventory: The skill possesses the capability to execute complex workflows via
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHbased on the ingested data. - Sanitization: There is no evidence of sanitization or validation of the tool schemas returned by the external service before they are used to guide agent behavior.
Audit Metadata