landbot-automation
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute automation tasks using
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCH. These tools are dynamically identified through runtime discovery.- [DATA_EXFILTRATION]: The skill requires network communication withrube.appandcomposio.devto manage toolkit connections and retrieve current tool schemas. This behavior is documented and consistent with the intended automation functionality.- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes external data from Landbot and Composio tool outputs without explicit sanitization or boundary markers.\n - Ingestion points: Untrusted data enters the context through tool execution results and dynamic schema searches (SKILL.md).\n
- Boundary markers: None identified in the instructions to separate external data from agent instructions.\n
- Capability inventory: The skill has access to remote execution and workbench tools (
RUBE_MULTI_EXECUTE_TOOL,RUBE_REMOTE_WORKBENCH).\n - Sanitization: No evidence of input validation or output sanitization is present in the provided instructions.
Audit Metadata