kit-automation

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to configure an MCP server at https://rube.app/mcp, which is the official endpoint for Rube MCP provided by Composio.
  • [COMMAND_EXECUTION]: The skill makes use of remote execution tools (RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH) to automate Kit tasks via the Rube MCP interface.
  • [DATA_EXPOSURE]: The skill includes connection management (RUBE_MANAGE_CONNECTIONS) to authenticate with Kit through Composio's infrastructure, which is necessary for the intended automation functionality.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes dynamic tool schemas returned by RUBE_SEARCH_TOOLS to determine execution plans.
  • Ingestion points: Tool schemas and execution plans returned by the RUBE_SEARCH_TOOLS command.
  • Boundary markers: None identified in the provided instructions.
  • Capability inventory: Subprocess execution via RUBE_MULTI_EXECUTE_TOOL and remote environment management via RUBE_REMOTE_WORKBENCH.
  • Sanitization: No explicit sanitization or validation logic is mentioned for the ingested tool schemas.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 08:03 PM
Security Audit — agent-trust-hub — kit-automation