connect

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the composio and claude-agent-sdk packages from public repositories to enable its features.
  • [COMMAND_EXECUTION]: Standard installation commands (pip install, npm install) and environment variable configuration are used during setup.
  • [PROMPT_INJECTION]: The skill's primary function involves reading and acting on data from external services, creating an indirect prompt injection attack surface.
  • Ingestion points: Data retrieved from Gmail, Slack, GitHub, and other connected apps (SKILL.md).
  • Boundary markers: No specific delimiters or safety warnings are included to isolate untrusted external content.
  • Capability inventory: The agent is empowered to take actions like sending emails, creating GitHub issues, and posting messages.
  • Sanitization: Content from connected applications is processed without validation or sanitization rules.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 08:02 PM
Security Audit — agent-trust-hub — connect