segment-automation
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes external data (event properties and user traits) without boundary markers or sanitization.
  - Ingestion points: The `properties` parameter in `SEGMENT_TRACK`, the `traits` parameter in `SEGMENT_IDENTIFY` and `SEGMENT_GROUP`, and the `batch` array in `SEGMENT_BATCH` (found in SKILL.md).
  - Boundary markers: Absent. There are no instructions or delimiters defined to prevent the agent from interpreting instructions embedded within the processed data.
  - Capability inventory: The skill provides network-egress capabilities via multiple Segment tools across SKILL.md. When combined with an agent's ability to read local files or environment variables, this creates a data exfiltration surface.
  - Sanitization: Absent. No filtering, escaping, or validation logic is suggested for the external data being sent to Segment.
- [EXTERNAL_DOWNLOADS]: The skill requires the user to connect to an external MCP server at `https://rube.app/mcp`. This server provides the tool definitions and acts as the gateway for all Segment operations.
Audit Metadata