box-automation
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions direct the user to configure an external MCP server endpoint (https://rube.app/mcp) to enable the Box automation tools.
- [PROMPT_INJECTION]: The skill facilitates the processing of untrusted data from Box, which could contain malicious instructions designed to exploit the agent's capabilities. Ingestion points: File contents and metadata retrieved via tools like BOX_DOWNLOAD_FILE and BOX_SEARCH_FOR_CONTENT (SKILL.md). Boundary markers: None identified in the prompt templates to distinguish between data and instructions. Capability inventory: Extensive file and folder modification permissions including BOX_UPLOAD_FILE, BOX_DELETE_FILE, and BOX_UPDATE_COLLABORATION. Sanitization: No evidence of input sanitization or validation of the retrieved content.