rudder-profiles-setup
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill clones the 'profiles-mcp' repository from the vendor's official GitHub account (github.com/rudderlabs/profiles-mcp) to set up the local environment. This is a standard installation procedure for this toolchain.
- [COMMAND_EXECUTION]: The workflow involves executing several shell commands and scripts, including 'git clone', a local './setup.sh' script, and various CLI tools like 'uv', 'pb', and 'claude'. These are used for environment preparation, dependency installation, and editor configuration.
- [DATA_EXFILTRATION]: The skill manages sensitive environment variables, specifically 'RUDDERSTACK_PAT'. It explicitly instructs the agent never to ask users to paste secrets into chat and provides secure alternatives like masked interactive prompts or local file edits. It also forbids the agent from printing the contents of '.env' or other sensitive configuration files.
- [PROMPT_INJECTION]: The skill includes defensive instructions against indirect prompt injection by mandating that the agent treat all shell output, logs, and external tool responses as untrusted text. It specifically warns against executing shell fragments found in such output.