OpenAI Automation
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires connection to a remote MCP server at https://rube.app/mcp. Although this is an external dependency from a non-whitelisted domain, its use is directly tied to the skill's primary purpose of providing OpenAI automation through the Composio framework.
- [PROMPT_INJECTION] (LOW): The skill accepts arbitrary text prompts and image URLs from users for processing by LLMs. Evidence Chain:
  1. Ingestion points: input in OPENAI_CREATE_RESPONSE, prompt in OPENAI_CREATE_IMAGE.
  2. Boundary markers: Absent.
  3. Capability inventory: Generates text, images, and embeddings via API.
  4. Sanitization: None detected in the skill instructions.
  This surface is exploitable for indirect prompt injection.
- [COMMAND_EXECUTION] (LOW): The skill operates via the Composio MCP integration, which executes model-requested tools. The execution environment is managed by the remote MCP host specified in the setup instructions.
Audit Metadata