formcarry-automation

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches dynamic tool schemas and execution strategies from the Rube MCP server at https://rube.app/mcp at runtime.
  • [COMMAND_EXECUTION]: Employs the RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH tools to execute operations based on schemas retrieved from the remote MCP server.
  • [DATA_EXFILTRATION]: Facilitates the exchange of form data and configuration between the agent and Formcarry's services through the Composio platform.
  • [PROMPT_INJECTION]: Ingests and acts upon external tool metadata and recommended plans, which constitutes an indirect prompt injection attack surface.
  • Ingestion points: Tool schemas and execution instructions returned by the RUBE_SEARCH_TOOLS capability.
  • Boundary markers: No explicit delimiter or instruction-ignoring syntax is defined for processing the remote outputs.
  • Capability inventory: Includes remote task execution via RUBE_REMOTE_WORKBENCH and multi-tool execution via RUBE_MULTI_EXECUTE_TOOL in SKILL.md.
  • Sanitization: The skill documentation does not specify sanitization or validation of the fetched tool definitions prior to execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 05:00 PM
Security Audit — agent-trust-hub — formcarry-automation