recallai-automation
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches tool configurations and execution schemas from the Composio Rube MCP endpoint at https://rube.app/mcp.
- [COMMAND_EXECUTION]: Provides tools such as RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to execute remote functions and workflows based on dynamically discovered tool slugs.
- [PROMPT_INJECTION]: Identifies an indirect prompt injection surface where the agent processes instructions fetched from external sources.
  - Ingestion points: The agent ingests data retrieved from the RUBE_SEARCH_TOOLS endpoint as described in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the fetched data are defined.
  - Capability inventory: The skill has the ability to execute remote tools and workbenches via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH.
  - Sanitization: No evidence of validation or sanitization of the remotely fetched execution plans or tool schemas is provided.
Audit Metadata