instacart-automation
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it retrieves tool schemas and execution strategies from an external source via RUBE_SEARCH_TOOLS.\n
- Ingestion points: Runtime tool definitions and use-case specific plans are provided by the RUBE_SEARCH_TOOLS tool (SKILL.md).\n
- Boundary markers: There are no explicit instructions to the agent to disregard malicious directives that may be contained within the fetched schemas.\n
- Capability inventory: The skill can execute various operations through RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (SKILL.md).\n
- Sanitization: The skill lacks validation steps for the content provided by the external tool discovery service.\n- [EXTERNAL_DOWNLOADS]: The skill directs the agent to connect to an external MCP server at https://rube.app/mcp and references official documentation on the Composio platform at composio.dev.\n- [DATA_EXFILTRATION]: The skill utilizes the RUBE_MANAGE_CONNECTIONS tool to establish and verify authenticated connections to Instacart for automation purposes.
Audit Metadata