render-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill directs users to add an external MCP server (https://rube.app/mcp). While this is the intended mechanism for the skill, the domain 'rube.app' is not on the predefined list of trusted organizations or repositories. Users should verify the security of the third-party MCP provider.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted data from the Render API.
  - Ingestion points: Service names, descriptions, and project metadata are ingested via RENDER_LIST_SERVICES and RENDER_LIST_PROJECTS.
  - Boundary markers: The instructions lack delimiters or 'ignore embedded instructions' warnings for data returned by the Render tools.
  - Capability inventory: The skill has high-privilege capabilities, specifically RENDER_TRIGGER_DEPLOY, which can modify production infrastructure.
  - Sanitization: There is no evidence of sanitization or validation for service metadata before it is processed by the agent.
Audit Metadata