segment-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references a third-party MCP server (rube.app/mcp) and documentation (composio.dev). These are used for service integration and are not used to download or execute arbitrary scripts on the host system.
- [NO_CODE] (SAFE): The skill is composed entirely of a markdown documentation file (
SKILL.md) that defines workflows and tool sequences. It contains no executable Python, JavaScript, or shell scripts. - [CREDENTIALS_UNSAFE] (SAFE): No hardcoded API keys or secrets were found. The skill explicitly states that 'No API keys needed' for the initial setup, as authentication is handled through an external OAuth flow via
RUBE_MANAGE_CONNECTIONS. - [COMMAND_EXECUTION] (SAFE): There are no commands that interact with the local operating system, shell, or filesystem.
- [DATA_EXFILTRATION] (SAFE): While the skill's purpose is to send data to Segment (an analytics provider), it does so through defined tool interfaces. It does not contain any logic to read sensitive local files like SSH keys or environment variables for exfiltration.
Audit Metadata