daffy-automation

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill connects to an external MCP server at https://rube.app/mcp. This is a standard architectural requirement for using Composio-based toolkits to automate Daffy tasks.
  • [COMMAND_EXECUTION]: The skill utilizes tools such as RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (via run_composio_tool()) which allow the agent to execute actions and manage connections on the remote workbench based on instructions in the skill.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes tool definitions retrieved from a remote source at runtime.
  • Ingestion points: External data enters the agent context via the RUBE_SEARCH_TOOLS call (described in SKILL.md) which fetches schemas and execution plans.
  • Boundary markers: There are no specific delimiters or instructions provided to the agent to help it distinguish between legitimate tool schemas and potential malicious instructions embedded within the data.
  • Capability inventory: The skill includes tools like RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (listed in SKILL.md), providing a high degree of autonomy for execution.
  • Sanitization: The skill lacks instructions for validating or sanitizing the search results before the agent acts upon them.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 12:16 PM
Security Audit — agent-trust-hub — daffy-automation