segment-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- External Downloads (LOW): The skill directs users to connect to a third-party MCP server at
https://rube.app/mcp. - Evidence: Found in the 'Setup' section of SKILL.md.
- Context: While this is a functional requirement for the skill to operate, the domain is not on the pre-approved trusted list.
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection due to its handling of untrusted external data during Segment operations.
- Ingestion points: Data enters the agent context through
traitsandpropertiesparameters in tools likeSEGMENT_TRACK,SEGMENT_IDENTIFY,SEGMENT_GROUP, andSEGMENT_PAGE. - Boundary markers: There are no delimiters or explicit instructions to ignore embedded commands within the data objects being sent to Segment.
- Capability inventory: The skill possesses significant write capabilities, including event tracking, user identification, and source configuration management (
SEGMENT_UPDATE_SOURCE). - Sanitization: The skill lacks any description of sanitization or validation for the data interpolated into Segment API calls.
Audit Metadata