route4me-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill instructs users to connect to a third-party MCP server at https://rube.app/mcp. Although this is the intended functionality for using Rube/Composio tools, the domain is not in the predefined trusted list, representing a dependency on an external service.
- [PROMPT_INJECTION] (LOW): The skill demonstrates a surface for Indirect Prompt Injection (Category 8). It ingests data from RUBE_SEARCH_TOOLS and executes tools based on those results without explicit boundary markers or sanitization logic in the instructions. 1. Ingestion points: Tool schemas and execution plans returned by RUBE_SEARCH_TOOLS in SKILL.md. 2. Boundary markers: None identified. 3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH allow execution of arbitrary tools within the Route4me toolkit. 4. Sanitization: None identified.
Audit Metadata