bestbuy-automation
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill serves as a configuration and usage guide for the Bestbuy automation toolkit provided by Composio. No malicious instructions or patterns were identified.\n- [EXTERNAL_DOWNLOADS]: The skill directs users to add the Rube MCP server endpoint at https://rube.app/mcp. This is an official resource owned by the vendor (Composio/Rube) and is used to facilitate the automation capabilities described.\n- [COMMAND_EXECUTION]: The skill outlines the use of tools such as RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to interact with the Bestbuy API. These operations are essential to the primary function of the skill.\n- [PROMPT_INJECTION]: The skill processes external data from Bestbuy API responses, creating an inherent surface for indirect prompt injection. However, this is consistent with the skill's intended use case.\n
- Ingestion points: API response data processed through RUBE_MULTI_EXECUTE_TOOL as described in SKILL.md.\n
- Boundary markers: None defined in the provided documentation.\n
- Capability inventory: Execution of arbitrary Bestbuy API tools and access to the RUBE_REMOTE_WORKBENCH as defined in SKILL.md.\n
- Sanitization: No specific sanitization or validation logic is provided in the skill documentation.
Audit Metadata