bolt-iot-automation

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references documentation and an MCP server endpoint from official Composio and Rube domains (composio.dev and rube.app).
  • [COMMAND_EXECUTION]: Instructs the agent to perform IoT tasks by executing tools discovered via the Rube MCP interface using RUBE_MULTI_EXECUTE_TOOL.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it relies on tool schemas and instructions fetched dynamically from an external source at runtime to determine its next actions.
  • Ingestion points: Results from RUBE_SEARCH_TOOLS provided by the external MCP server.
  • Boundary markers: None specified in the instructions for separating external schema data from system prompts.
  • Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH in SKILL.md.
  • Sanitization: No explicit sanitization or validation of external tool metadata is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 09:35 AM
Security Audit — agent-trust-hub — bolt-iot-automation