sitespeakai-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill's architecture relies on dynamic tool discovery, which presents a surface for indirect prompt injection if the remote server were compromised.
  - Ingestion points: Tool definitions and schemas returned by RUBE_SEARCH_TOOLS as described in SKILL.md.
  - Boundary markers: Absent; the skill does not instruct the agent to ignore instructions embedded within the tool schemas.
  - Capability inventory: The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, which can execute arbitrary code/tools via the Composio toolkit.
  - Sanitization: Absent; the instructions prioritize schema compliance over input validation.
- [External Downloads] (SAFE): The skill references https://rube.app/mcp for MCP server configuration. This is the legitimate endpoint for the Rube/Composio service and is required for functionality.
- [Dynamic Execution] (LOW): The workflow utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to execute tools discovered at runtime, which is a standard pattern for MCP-based skills.
Audit Metadata