rafflys-automation
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of documentation and workflow guidance for using the Rafflys toolkit through a known MCP gateway.
- [EXTERNAL_DOWNLOADS]: The instructions direct the user to configure an MCP server at
https://rube.app/mcp. This is a standard setup procedure for utilizing Composio's infrastructure and does not involve automated or malicious code execution. - [CREDENTIALS_UNSAFE]: No hardcoded secrets are present. The skill utilizes
RUBE_MANAGE_CONNECTIONSto generate dynamic authorization links, which is a recommended practice for secure credential management. - [PROMPT_INJECTION]: The skill provides a mechanism to process external data from the Rafflys platform. While this exposes a surface for indirect prompt injection from contest descriptions or giveaway data, the skill mitigates this by enforcing a tool discovery phase (
RUBE_SEARCH_TOOLS) to ensure the agent uses structured schemas for all operations.
Audit Metadata