reply-automation
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a legitimate configuration and workflow guide for the Reply toolkit via Composio. It utilizes documented tool patterns and points to official resources.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it processes dynamic tool schemas and execution results to inform subsequent agent actions.
- Ingestion points: Data returned from
RUBE_SEARCH_TOOLSand the output of various Reply tools integrated via MCP (SKILL.md). - Boundary markers: No explicit delimiters or instructions to ignore instructions embedded in tool outputs are provided.
- Capability inventory: The skill utilizes
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHfor executing tasks and managing remote environments (SKILL.md). - Sanitization: No explicit sanitization or validation logic for external data is defined in the instruction set.
Audit Metadata