reply-io-automation
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Rube MCP framework to discover and run tools such as RUBE_SEARCH_TOOLS and RUBE_MULTI_EXECUTE_TOOL, allowing the agent to perform operations on the Reply IO platform.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through the ingestion of external data.
- Ingestion points: Untrusted data from tool schemas and execution results enters the agent context via responses from RUBE_SEARCH_TOOLS and RUBE_MULTI_EXECUTE_TOOL in SKILL.md.
- Boundary markers: There are no markers or safety warnings present to isolate or distinguish external tool data from system instructions.
- Capability inventory: The agent is enabled to perform multiple actions on the Reply IO platform, including toolkit execution and bulk task processing.
- Sanitization: The skill does not provide mechanisms for validating or sanitizing content received from the remote MCP server before it is processed by the agent.
- [NO_CODE]: This skill consists entirely of instructional markdown content and does not include any accompanying executable scripts.
Audit Metadata