square-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- External Dependency (LOW): The skill requires adding an external MCP server at
https://rube.app/mcp. This third-party endpoint provides the necessary tools for Square automation but is not from a verified trusted organization. - Indirect Prompt Injection (LOW): The skill creates a surface for indirect prompt injection by processing external data from Square and providing tools with write capabilities.
- Ingestion points: External data is ingested from Square via
SQUARE_LIST_PAYMENTS,SQUARE_SEARCH_ORDERS, andSQUARE_LIST_INVOICESinSKILL.md. - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the provided skill.
- Capability inventory: The skill uses tools capable of modifying state, specifically
SQUARE_CANCEL_PAYMENT,SQUARE_UPDATE_ORDER, andSQUARE_CANCEL_INVOICE. - Sanitization: No sanitization or validation logic is specified for data returned by the Square API.
Audit Metadata