connect
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
composioandclaude-agent-sdkpackages from public repositories to enable its features. - [COMMAND_EXECUTION]: Standard installation commands (
pip install,npm install) and environment variable configuration are used during setup. - [PROMPT_INJECTION]: The skill's primary function involves reading and acting on data from external services, creating an indirect prompt injection attack surface.
- Ingestion points: Data retrieved from Gmail, Slack, GitHub, and other connected apps (SKILL.md).
- Boundary markers: No specific delimiters or safety warnings are included to isolate untrusted external content.
- Capability inventory: The agent is empowered to take actions like sending emails, creating GitHub issues, and posting messages.
- Sanitization: Content from connected applications is processed without validation or sanitization rules.
Audit Metadata