coda-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection risk exists as the skill ingests content from Coda documents which could contain malicious instructions.
- Ingestion points: Data is pulled into the agent context via
CODA_LIST_TABLE_ROWS,CODA_GET_A_PAGE,CODA_SEARCH_ROW, andCODA_GET_A_FORMULA. - Boundary markers: The documentation does not specify the use of delimiters or 'ignore embedded instructions' warnings for processed data.
- Capability inventory: The skill includes powerful tools such as
CODA_UPSERT_ROWS(write access),CODA_ADD_PERMISSION(access control modification), andCODA_PUBLISH_DOC(public data exposure). - Sanitization: No explicit sanitization or validation steps are defined for the data retrieved from external Coda documents.
- [EXTERNAL_DOWNLOADS] (LOW): The skill relies on an external MCP server endpoint (
https://rube.app/mcp). While standard for the Rube/Composio ecosystem, it represents a dependency on a third-party service not listed in the trusted organizations list. - [PRIVILEGE_MANAGEMENT] (INFO): The skill provides tools like
CODA_ADD_PERMISSIONandCODA_PUBLISH_DOCwhich allow for significant changes to document security and visibility. These are intended features but require careful handling by the agent to prevent unauthorized access expansion.
Audit Metadata