mixpanel-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill is entirely composed of Markdown documentation and YAML metadata. It contains no scripts, executables, or code files.
- [DATA_EXPOSURE] (SAFE): No hardcoded credentials, API keys, or sensitive local file paths (e.g., SSH keys or environment files) were found. Authentication is handled externally via Rube MCP's connection manager.
- [PROMPT_INJECTION] (SAFE): There are no patterns suggesting an attempt to override the AI agent's instructions, bypass safety filters, or extract system prompts.
- [REMOTE_CODE_EXECUTION] (SAFE): No suspicious remote downloads or shell execution patterns (e.g., curl | bash) were identified. The listed MCP endpoint is for standard server configuration.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill defines tools that process external Mixpanel data. While this creates a surface for indirect prompt injection if the data contains malicious text, this is an inherent risk of data-processing tools and not a flaw in the skill itself.
Audit Metadata