stannp-automation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | NO_CODE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • NO_CODE (SAFE): The skill consists solely of markdown instructions and configuration metadata; it contains no executable scripts, binaries, or logic files.
  • EXTERNAL_DOWNLOADS (LOW): The skill directs users to connect to a third-party MCP endpoint (https://rube.app/mcp) which is not on the trusted provider list. This introduces a supply-chain dependency on the external server for tool definitions.
  • PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface (Category 8) because it instructs the agent to retrieve and follow execution plans and schemas from a remote source. Evidence Chain: 1. Ingestion points: RUBE_SEARCH_TOOLS in SKILL.md; 2. Boundary markers: Absent; 3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH in SKILL.md; 4. Sanitization: Absent.
  • DATA_EXFILTRATION (LOW): The skill is designed to handle PII (mailing addresses and names) for Stannp automation, which is transmitted to the external Stannp API via the Rube/Composio bridge.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:42 PM