connect
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and acts upon data from untrusted external sources.
  - Ingestion points: Data enters the agent context from integrated apps like Gmail, Slack, and GitHub (e.g., reading email bodies, summarizing chat logs, or checking issue descriptions).
  - Boundary markers: The skill definition does not include explicit delimiters or instructions to treat data from these external tools as untrusted content.
  - Capability inventory: The skill possesses extensive write permissions, including the ability to send emails, post messages to communication channels, and modify database records across 1,000+ services.
  - Sanitization: There is no mechanism described for sanitizing, validating, or escaping the external content before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill utilizes external libraries from the Composio platform to manage tool routing and authentication.
  - Evidence: The setup guide directs users to install `composio`, `claude-agent-sdk`, and related packages from standard registries (PyPI and NPM) which originate from a well-known technology service.
Audit Metadata