connect-apps
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to install the
composio-toolrouterplugin from an external source to enable integration capabilities. - [COMMAND_EXECUTION]: Instructions include running installation and setup commands (
/plugin install composio-toolrouterand/composio-toolrouter:setup) within the agent's interface. - [DATA_EXFILTRATION]: To function, the skill facilitates communication with external services and requires the user to provide an API key for the Composio platform, which handles the routing of requests to third-party applications.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by enabling the agent to read and act upon data from external sources. 1. Ingestion points: External applications like Gmail, Slack, and GitHub issues. 2. Boundary markers: None specified. 3. Capability inventory: Capabilities include sending emails, creating issues, and posting messages. 4. Sanitization: Not explicitly mentioned.
Audit Metadata