timelinesai-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest tool schemas and execution plans dynamically from the RUBE_SEARCH_TOOLS endpoint. This creates a potential surface for indirect injection if the remote server were compromised to return malicious schemas.
  - Ingestion points: Data returned from the RUBE_SEARCH_TOOLS tool call.
  - Boundary markers: Absent; the agent is instructed to follow the 'recommended execution plans' returned by the search.
  - Capability inventory: The skill has the capability to execute tools via RUBE_MULTI_EXECUTE_TOOL and run complex operations via RUBE_REMOTE_WORKBENCH.
  - Sanitization: No explicit sanitization or validation of the returned schemas is defined in the instructions.
- External Dependencies (LOW): The skill requires the addition of an external MCP server at https://rube.app/mcp. Users must trust the third-party provider (Composio) as the server handles tool discovery and connection management.
- No Code (SAFE): No local scripts, binaries, or package manifests (e.g., package.json, requirements.txt) are included with the skill.