canny-automation

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill implements standard automation workflows using the Composio Rube MCP platform, which is a recognized service for AI agent tool integration.
  • [EXTERNAL_DOWNLOADS]: The skill references the official Rube MCP endpoint at https://rube.app/mcp and technical documentation on composio.dev. These references are to well-known service domains and do not pose a security risk.
  • [PROMPT_INJECTION]: The skill exhibits a functional surface for indirect prompt injection by ingesting and acting upon dynamic tool discovery data. 1. Ingestion points: The agent is instructed to use execution plans and tool schemas from RUBE_SEARCH_TOOLS. 2. Boundary markers: Absent. 3. Capability inventory: The agent can execute broad toolsets via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH. 4. Sanitization: No specific validation of tool-provided data is described. This surface is a core component of the platform's operational model.
  • [SAFE]: Sensitive credentials are not hardcoded; instead, the skill uses a secure connection management tool that provides ephemeral authentication links.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 06:11 PM
Security Audit — agent-trust-hub — canny-automation