googlecalendar-automation
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to configure a remote MCP server at
https://rube.app/mcp, which is used to dynamically fetch tool definitions and execution schemas from Composio's infrastructure. - [INDIRECT_PROMPT_INJECTION]: The skill instructions define a workflow where the agent context is populated with external data (tool schemas and execution plans) fetched from the
RUBE_SEARCH_TOOLSendpoint. - Ingestion points: Untrusted data enters the context through the output of the
RUBE_SEARCH_TOOLSfunction as described inSKILL.md. - Boundary markers: The instructions do not specify any boundary markers or 'ignore' instructions for the data returned by the tool discovery process.
- Capability inventory: The skill possesses significant capabilities including multi-step tool execution (
RUBE_MULTI_EXECUTE_TOOL) and remote workbench operations (RUBE_REMOTE_WORKBENCH). - Sanitization: No explicit sanitization or validation of the fetched schemas is performed; the agent is instructed to use the results exactly as provided by the external search.
- [NO_CODE]: This skill consists entirely of instructional markdown and configuration data, containing no executable scripts, binaries, or complex automation logic within the skill package itself.
Audit Metadata