amplitude-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill instructs users to configure 'https://rube.app/mcp' as an MCP server. This is an external endpoint from a non-whitelisted domain, which provides the functional tools for the skill.- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection through data retrieved from Amplitude.
- Ingestion points: User activity and properties are ingested via 'AMPLITUDE_GET_USER_ACTIVITY' and 'AMPLITUDE_FIND_USER'.
- Boundary markers: Absent; there are no instructions to help the agent distinguish between data and instructions.
- Capability inventory: The skill can execute actions like 'AMPLITUDE_SEND_EVENTS' and 'AMPLITUDE_UPDATE_COHORT_MEMBERSHIP' based on interpreted data.
- Sanitization: Absent; the instructions do not include any data validation or escaping mechanisms.
Audit Metadata