resend-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill configuration requires the addition of an external MCP server (https://rube.app/mcp). While this is the operational endpoint for the service, the domain is not included in the pre-approved trusted sources list, constituting an untrusted external dependency.
- [Indirect Prompt Injection] (LOW): The core workflow relies on dynamic tool discovery which introduces a surface for malicious instructions to be ingested from the remote server. ● Ingestion points: Tool schemas and descriptions returned by RUBE_SEARCH_TOOLS. ● Boundary markers: Absent; there are no instructions provided to the agent to treat fetched metadata as untrusted or to ignore embedded instructions. ● Capability inventory: The skill has the ability to execute remote operations and bulk tasks via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH. ● Sanitization: Absent; the skill instructs the agent to use the exact field names and types provided by the remote discovery service without validation.
Audit Metadata