formcarry-automation
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches dynamic tool schemas and execution strategies from the Rube MCP server at
https://rube.app/mcpat runtime. - [COMMAND_EXECUTION]: Employs the
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHtools to execute operations based on schemas retrieved from the remote MCP server. - [DATA_EXFILTRATION]: Facilitates the exchange of form data and configuration between the agent and Formcarry's services through the Composio platform.
- [PROMPT_INJECTION]: Ingests and acts upon external tool metadata and recommended plans, which constitutes an indirect prompt injection attack surface.
- Ingestion points: Tool schemas and execution instructions returned by the
RUBE_SEARCH_TOOLScapability. - Boundary markers: No explicit delimiter or instruction-ignoring syntax is defined for processing the remote outputs.
- Capability inventory: Includes remote task execution via
RUBE_REMOTE_WORKBENCHand multi-tool execution viaRUBE_MULTI_EXECUTE_TOOLinSKILL.md. - Sanitization: The skill documentation does not specify sanitization or validation of the fetched tool definitions prior to execution.
Audit Metadata