respond-io-automation
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Potential surface for indirect prompt injection through dynamic tool discovery patterns. * Ingestion points: Untrusted data enters the agent context via RUBE_SEARCH_TOOLS results as specified in SKILL.md. * Boundary markers: Absent; there are no explicit instructions or delimiters to isolate or ignore potentially malicious instructions embedded in fetched tool schemas. * Capability inventory: The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, providing the agent with the ability to execute actions based on ingested data. * Sanitization: No evidence of validation or sanitization of the externally provided schemas or execution plans before use.
- [EXTERNAL_DOWNLOADS]: Skill references external resources including documentation at composio.dev and an MCP server endpoint at rube.app/mcp, which are consistent with the skill's stated purpose of automating Respond IO tasks.
Audit Metadata