daffy-automation
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to an external MCP server at
https://rube.app/mcp. This is a standard architectural requirement for using Composio-based toolkits to automate Daffy tasks. - [COMMAND_EXECUTION]: The skill utilizes tools such as
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCH(viarun_composio_tool()) which allow the agent to execute actions and manage connections on the remote workbench based on instructions in the skill. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes tool definitions retrieved from a remote source at runtime.
- Ingestion points: External data enters the agent context via the
RUBE_SEARCH_TOOLScall (described inSKILL.md) which fetches schemas and execution plans. - Boundary markers: There are no specific delimiters or instructions provided to the agent to help it distinguish between legitimate tool schemas and potential malicious instructions embedded within the data.
- Capability inventory: The skill includes tools like
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCH(listed inSKILL.md), providing a high degree of autonomy for execution. - Sanitization: The skill lacks instructions for validating or sanitizing the search results before the agent acts upon them.
Audit Metadata