turbot-pipes-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No security vulnerabilities were identified in the skill definition. The skill acts as an instructional wrapper for existing MCP tools.
- [DATA_EXFILTRATION] (SAFE): There are no hardcoded secrets, API keys, or instructions to access sensitive file paths. All network communication is directed through the configured MCP server.
- [PROMPT_INJECTION] (LOW): The skill demonstrates an indirect prompt injection surface by dynamically fetching tool schemas and execution plans via
RUBE_SEARCH_TOOLS. While this is standard for discovery-based agents, it relies on the integrity of the data returned by the remote MCP server (rube.app).
Audit Metadata