tisane-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires the user to add an external MCP server endpoint (https://rube.app/mcp). While this is a documented requirement for using Rube MCP, it creates a dependency on an external third-party service not included in the trusted source list.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill relies on dynamic tool discovery via RUBE_SEARCH_TOOLS to determine execution plans.
  - Ingestion points: Data returned from the RUBE_SEARCH_TOOLS call (schemas, execution plans).
  - Boundary markers: Absent; the agent is instructed to use exact field names and types from the search results without explicit verification.
  - Capability inventory: Includes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, which allow for complex tool execution and remote operations.
  - Sanitization: None mentioned; the agent is expected to follow schemas provided by the remote discovery service.
- [DYNAMIC_EXECUTION] (SAFE): While the skill mentions RUBE_REMOTE_WORKBENCH and run_composio_tool(), these are standard components of the Composio ecosystem and are used as intended for tool execution rather than arbitrary code generation.
Audit Metadata