connect-apps
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill requires installing the
composio-toolrouterplugin. This introduces a dependency on a third-party service (Composio) not included in the standard trusted source list, though it is the central purpose of the skill. - COMMAND_EXECUTION (LOW): Commands like
/plugin installand/composio-toolrouter:setupare used to modify the agent's environment and configuration. - DATA_EXFILTRATION (LOW): The skill is designed to send data to external apps (Gmail, Slack, GitHub, etc.). While this is authorized by the user via OAuth and API keys, it represents a significant data flow to non-whitelisted domains.
- INDIRECT PROMPT INJECTION (LOW): The skill creates a large attack surface for indirect injections.
- Ingestion points: Data retrieved from 1000+ apps, including email bodies, Slack messages, and GitHub issues.
- Boundary markers: None specified in the provided markdown.
- Capability inventory: Extensive capabilities including sending emails, posting to chat, and modifying documents/code repositories.
- Sanitization: None specified; the skill relies on the agent's base safety protocols.
Audit Metadata