airtable-automation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to an external Model Context Protocol (MCP) server at
https://rube.app/mcpto fetch tool schemas and execute Airtable operations. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the data it retrieves from Airtable.
- Ingestion points: Untrusted data enters the agent context via
AIRTABLE_LIST_RECORDS,AIRTABLE_GET_RECORD, andAIRTABLE_LIST_COMMENTS. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat retrieved Airtable content as data rather than instructions.
- Capability inventory: The skill provides significant write capabilities, including
AIRTABLE_CREATE_RECORD,AIRTABLE_UPDATE_RECORD,AIRTABLE_DELETE_RECORD, andAIRTABLE_CREATE_FIELD. - Sanitization: No sanitization, validation, or escaping of the retrieved Airtable content is performed before processing.
Audit Metadata