googlesheets-automation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The setup instructions direct users to add https://rube.app/mcp as an MCP server. This connects the agent to external tools hosted by the Rube/Composio service.
- [COMMAND_EXECUTION]: The skill executes a wide range of operations on Google Sheets (read, write, delete, format) through the connected MCP toolkit.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and acts upon data from external spreadsheets.
- Ingestion points: Tools such as GOOGLESHEETS_BATCH_GET, GOOGLESHEETS_VALUES_GET, and GOOGLESHEETS_LOOKUP_SPREADSHEET_ROW import data into the agent's context from Google Sheets files.
- Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from interpreting spreadsheet content as commands.
- Capability inventory: The skill possesses significant capabilities to modify or delete data, including GOOGLESHEETS_BATCH_UPDATE, GOOGLESHEETS_DELETE_DIMENSION, and GOOGLESHEETS_UPSERT_ROWS.
- Sanitization: No input validation or data sanitization mechanisms are implemented for the content retrieved from the spreadsheets.
Audit Metadata