wrike-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect prompt injection surface exists as the skill ingests untrusted data from Wrike tasks and folders. Evidence: (1) Ingestion points: WRIKE_FETCH_ALL_TASKS, WRIKE_GET_TASK_BY_ID, and WRIKE_GET_FOLDERS retrieve task descriptions and folder titles. (2) Boundary markers: No explicit instruction delimiters or 'ignore embedded instructions' warnings are present. (3) Capability inventory: The skill includes high-impact tools like WRIKE_DELETE_FOLDER, WRIKE_DELETE_SPACE, and WRIKE_CREATE_INVITATION. (4) Sanitization: No sanitization of retrieved content is described.
- [EXTERNAL_DOWNLOADS] (LOW): The skill instructs the use of a remote MCP server endpoint (https://rube.app/mcp). While this is the primary purpose of the skill, the domain is not on the trusted whitelist.
- [NO_CODE] (SAFE): The skill consists entirely of instructional markdown and does not bundle executable scripts, binaries, or source code files.
Audit Metadata