QuickBooks Automation
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill interacts with QuickBooks Online through the specified Rube MCP server and Composio toolkit. No exfiltration to unauthorized or suspicious third-party domains was observed.
- [Prompt Injection] (SAFE): The skill instructions are purely functional and do not contain patterns attempting to override agent behavior, bypass safety filters, or extract system prompts.
- [Indirect Prompt Injection] (LOW): As a data-processing skill, it ingests external records (customers, invoices) that could potentially contain malicious instructions. However, this is an inherent risk of the integration type rather than a specific malicious design in the skill itself.
  - Ingestion points: Data is retrieved via `QUICKBOOKS_READ_CUSTOMER`, `QUICKBOOKS_QUERY_ACCOUNT`, and `QUICKBOOKS_LIST_INVOICES`.
  - Boundary markers: The skill does not explicitly define markers to delimit untrusted data.
  - Capability inventory: The skill possesses write capabilities such as `QUICKBOOKS_CREATE_INVOICE` and `QUICKBOOKS_CREATE_CUSTOMER`.
  - Sanitization: No specific sanitization logic is defined within the skill markdown.
- [Dependencies] (SAFE): The dependency on the Rube MCP server is standard for this integration, and no unverifiable remote scripts or packages are downloaded or executed.
Audit Metadata