render-automation
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: No malicious behavior, obfuscation, or unauthorized data access patterns were identified in the skill instructions.
- [NO_CODE]: The skill consists entirely of markdown documentation and YAML metadata without any accompanying scripts, binaries, or executable code.
- [EXTERNAL_DOWNLOADS]: The skill directs users to configure the 'https://rube.app/mcp' endpoint as an MCP server. This is an expected external reference for the Rube integration.
- [INDIRECT_PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by ingesting data from the Render API (e.g., service names or deployment logs). Ingestion points: SKILL.md (RENDER_LIST_SERVICES, RENDER_RETRIEVE_DEPLOY). Boundary markers: None mentioned. Capability inventory: RENDER_TRIGGER_DEPLOY. Sanitization: None mentioned. This is a characteristic of API-driven automation tools.
Audit Metadata