whautomate-automation
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to configure https://rube.app/mcp as an MCP server and references composio.dev for documentation. These are vendor-owned resources used to provide the skill's core functionality and tool definitions.
- [COMMAND_EXECUTION]: The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to execute automation tasks. These operations are performed based on schemas retrieved dynamically during the workflow.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection because it processes and follows instructions retrieved from a remote source.
  - Ingestion points: Tool schemas, input requirements, and execution plans are ingested from the RUBE_SEARCH_TOOLS tool response (SKILL.md).
  - Boundary markers: No explicit delimiters or instructions to ignore instructions embedded in the search results are provided.
  - Capability inventory: The skill can execute various tools via RUBE_MULTI_EXECUTE_TOOL and perform workbench operations via RUBE_REMOTE_WORKBENCH (SKILL.md).
  - Sanitization: There is no evidence of sanitization or validation of the external schemas before the agent uses them to generate tool calls.
Audit Metadata