beeminder-automation
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to utilize tools like RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to interact with external Beeminder account data. These tools operate based on schemas dynamically retrieved at runtime.
- [EXTERNAL_DOWNLOADS]: The skill requires users to add an external MCP server URL (https://rube.app/mcp) and references official documentation at composio.dev. These resources are associated with the service provider's infrastructure and are used for tool orchestration.
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection due to its data processing model. Evidence:
  1. Ingestion points: The skill ingests untrusted data from RUBE_SEARCH_TOOLS and tool execution outputs (SKILL.md).
  2. Boundary markers: Absent. There are no instructions to delimit or ignore instructions within external data.
  3. Capability inventory: The skill has action-oriented capabilities via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (SKILL.md).
  4. Sanitization: Absent. There is no mention of validating or escaping content retrieved from the MCP server.
Audit Metadata