connect

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of multiple external packages from public registries, including 'composio', 'claude-agent-sdk', and various framework-specific integrations.
  • [COMMAND_EXECUTION]: Setup instructions include shell commands for environment variable configuration ('export COMPOSIO_API_KEY') and package installation ('pip install', 'npm install').
  • [DATA_EXFILTRATION]: The skill facilitates the transfer of data between various personal and professional applications (e.g., Gmail, Slack, GitHub) and uses an external tool router at 'platform.composio.dev'. This pattern routes sensitive data through a third-party intermediary.
  • [PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection.
    • Ingestion points: The agent retrieves and processes untrusted content from external sources such as Gmail messages, Slack posts, and GitHub issues.
    • Boundary markers: The implementation lacks explicit instructions or delimiters to ensure the agent ignores commands embedded in the data it reads.
    • Capability inventory: The agent is granted extensive capabilities to act on the user's behalf across many platforms, creating high potential impact if malicious instructions are followed.
    • Sanitization: No mechanisms for content validation or sanitization are described for data fetched from external integrations.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 06:39 AM