googlecalendar-automation

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to configure a remote MCP server at https://rube.app/mcp, which is used to dynamically fetch tool definitions and execution schemas from Composio's infrastructure.
  • [INDIRECT_PROMPT_INJECTION]: The skill instructions define a workflow where the agent context is populated with external data (tool schemas and execution plans) fetched from the RUBE_SEARCH_TOOLS endpoint.
  • Ingestion points: Untrusted data enters the context through the output of the RUBE_SEARCH_TOOLS function as described in SKILL.md.
  • Boundary markers: The instructions do not specify any boundary markers or 'ignore' instructions for the data returned by the tool discovery process.
  • Capability inventory: The skill possesses significant capabilities including multi-step tool execution (RUBE_MULTI_EXECUTE_TOOL) and remote workbench operations (RUBE_REMOTE_WORKBENCH).
  • Sanitization: No explicit sanitization or validation of the fetched schemas is performed; the agent is instructed to use the results exactly as provided by the external search.
  • [NO_CODE]: This skill consists entirely of instructional markdown and configuration data, containing no executable scripts, binaries, or complex automation logic within the skill package itself.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 02:14 AM
Security Audit — agent-trust-hub — googlecalendar-automation