connect
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides users to install several packages including 'composio', '@composio/core', 'claude-agent-sdk', 'openai-agents', and 'composio-langchain'. These are official libraries for a well-known tool-routing service.
- [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by design, as it allows an agent to process data from external sources and perform actions based on it.
  - Ingestion points: Data enters the agent context from connected apps such as Gmail, Slack, and GitHub via the Tool Router.
  - Boundary markers: The skill does not provide explicit delimiters or warnings to the agent to ignore instructions embedded within the data retrieved from external apps.
  - Capability inventory: The skill enables high-impact capabilities including sending emails, posting chat messages, updating databases, and creating repository issues.
  - Sanitization: There is no evidence of input validation or sanitization for content received from external services before it is processed by the agent.