connect-apps
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to install the
composio-toolrouterplugin and acquire an API key fromplatform.composio.dev. These actions involve a well-known technology provider specialized in AI tool orchestration. - [COMMAND_EXECUTION]: The documentation includes standard commands for plugin installation (
/plugin install) and configuration (/composio-toolrouter:setup) within the agent environment. - [PROMPT_INJECTION]: The skill's primary functionality involves processing data from external sources, which presents a surface for indirect prompt injection.
- Ingestion points: External data retrieved from integrated services such as Gmail, Slack, and GitHub (SKILL.md).
- Boundary markers: No explicit delimiters are mentioned in the instructions to separate external data from system instructions.
- Capability inventory: The integration enables write operations including sending emails and creating platform issues (SKILL.md).
- Sanitization: No sanitization methods for external content are described within the provided documentation.
Audit Metadata