postgrid-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface. The skill directs the agent to call
RUBE_SEARCH_TOOLSto fetch tool schemas and 'recommended execution plans' at runtime. Because these plans are used to guide the agent's actions, a compromised or malicious MCP server could provide instructions that override the user's intent. - Ingestion points: Tool metadata and execution plans returned by the
RUBE_SEARCH_TOOLSfunction. - Boundary markers: Absent. The skill instructions do not specify any delimiters or safety prompts to prevent the agent from obeying instructions embedded within the tool search results.
- Capability inventory: The skill utilizes
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCH, which allow for broad execution of Postgrid operations. - Sanitization: Absent. There is no mechanism described to validate or sanitize the execution plans before the agent acts on them.
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires the configuration of an external MCP server endpoint (
https://rube.app/mcp). While necessary for the skill's functionality, this domain is not on the trusted sources list, making it an unverified external dependency.
Audit Metadata