basecamp-automation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the user to configure an external MCP server located at
https://rube.app/mcp. This represents a dependency on an external service to facilitate the Basecamp integration.- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection because it retrieves untrusted data from Basecamp and possesses the capability to modify project data and access. - Ingestion points: The skill reads data from Basecamp using tools like
BASECAMP_GET_MESSAGE,BASECAMP_GET_PROJECTS, andBASECAMP_GET_PEOPLE. - Boundary markers: The instructions do not provide explicit boundary markers or guidance for the agent to distinguish between its own instructions and data retrieved from Basecamp.
- Capability inventory: The skill has significant capabilities, including the ability to create messages, manage to-dos, and modify project access via
BASECAMP_PUT_PROJECTS_PEOPLE_USERS. - Sanitization: There are no filters or sanitization steps mentioned for the content retrieved from external Basecamp buckets.
Audit Metadata