salesmate-automation

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified through the tool discovery and execution workflow.
  • Ingestion points: Data retrieved dynamically from RUBE_SEARCH_TOOLS as described in SKILL.md, which informs subsequent tool arguments and execution plans.
  • Boundary markers: Absent; the skill does not instruct the agent to use delimiters or warnings to disregard potential instructions embedded in retrieved tool schemas.
  • Capability inventory: The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to execute operations based on discovery results.
  • Sanitization: No explicit sanitization or schema validation of search results is described before they are interpolated into execution commands.
  • [EXTERNAL_DOWNLOADS]: The skill requires connection to a remote MCP server endpoint at https://rube.app/mcp, which provides the necessary tool definitions and execution infrastructure.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 06:30 PM
Security Audit — agent-trust-hub — salesmate-automation