sendlane-automation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill requires the configuration of an external MCP server (https://rube.app/mcp). This server is not on the trusted sources list and serves as the primary controller for the agent's capabilities.
- [REMOTE_CODE_EXECUTION] (HIGH): Use of the RUBE_REMOTE_WORKBENCH tool allows for remote execution of logic via run_composio_tool(). Executing functions provided by an untrusted remote source is a high-severity security risk.
- [COMMAND_EXECUTION] (MEDIUM): The agent is instructed to dynamically fetch tool slugs and schemas via RUBE_SEARCH_TOOLS and execute them using RUBE_MULTI_EXECUTE_TOOL. This runtime dependency means the agent's actions are controlled by external data rather than static, reviewed instructions.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill lacks boundary markers or sanitization for data ingested from Sendlane or the dynamic tool schemas.
- Ingestion points: Data enters via RUBE_SEARCH_TOOLS (schemas) and Sendlane toolkit operations.
- Boundary markers: Absent. The instructions do not specify any delimiters to separate untrusted data from instructions.
- Capability inventory: Includes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH which can perform write/execute operations.
- Sanitization: Absent. The agent is directed to follow the returned execution plans and schemas without validation.
Recommendations
- AI detected serious security threats
Audit Metadata