square-automation
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to configure https://rube.app/mcp as an MCP server. This is a reference to a well-known service provider (Composio) used for connecting AI agents to third-party APIs like Square.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks (Category 8) because it processes untrusted data from the Square API (such as payment notes or customer names) and possesses capabilities to modify business state (e.g., cancelling payments or invoices).
  - Ingestion points: SQUARE_LIST_PAYMENTS, SQUARE_SEARCH_ORDERS, and SQUARE_LIST_INVOICES (SKILL.md).
  - Boundary markers: Absent; the skill does not explicitly instruct the agent to ignore instructions embedded within the retrieved data.
  - Capability inventory: Includes destructive actions such as SQUARE_CANCEL_PAYMENT, SQUARE_UPDATE_ORDER, and SQUARE_CANCEL_INVOICE (SKILL.md).
  - Sanitization: No explicit sanitization or validation steps are defined for data retrieved from the Square API.