zylvie-automation

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
Flags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references official resources and endpoints from Composio, specifically "composio.dev" and "rube.app". These are established domains for the service and documentation.
  • [COMMAND_EXECUTION]: The skill uses MCP tools ("RUBE_MULTI_EXECUTE_TOOL", "RUBE_REMOTE_WORKBENCH") for task automation. This is the primary intended function of the skill.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it directs the agent to retrieve schemas and recommended execution plans from an external tool ("RUBE_SEARCH_TOOLS") during its workflow and to follow them strictly.
  • Ingestion points: Tool definitions and recommended execution plans returned by the "RUBE_SEARCH_TOOLS" MCP tool at runtime.
  • Boundary markers: The instructions lack explicit boundary markers or directives to ignore instructions embedded within the retrieved tool schemas.
  • Capability inventory: The agent is granted the ability to execute various tools through the "RUBE_MULTI_EXECUTE_TOOL" interface and a remote workbench.
  • Sanitization: No explicit sanitization or validation of the remotely fetched content is described.
Audit Metadata
Risk Level
SAFE
Analyzed
May 1, 2026, 10:39 PM