Skills
skills/composiohq/skills/composio/Gen Agent Trust Hub

composio

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill facilitates the development of agents that ingest untrusted data from external sources (e.g., Gmail, Slack, GitHub) which presents a risk of indirect prompt injection.
  • Ingestion points: Data enters the agent context through tool outputs (rules/app-execute-tools.md) and webhook events (rules/triggers-webhook.md).
  • Boundary markers: Code examples for framework integration (rules/tr-framework-ai-sdk.md) do not explicitly include delimiters or 'ignore embedded instruction' warnings when interpolating tool data into prompts.
  • Capability inventory: The skill enables high-privilege operations across numerous platforms, including 'GITHUB_CREATE_ISSUE' and 'SLACK_SEND_MESSAGE' (rules/app-execute-tools.md).
  • Sanitization: The skill provides a robust remediation framework via 'modifiers' (rules/app-modifiers.md) which allow for pre-execution validation and post-execution data filtering, though usage depends on implementation.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 18, 2026, 05:57 PM