composio

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill interacts with numerous external APIs to fetch data, such as emails through GMAIL_FETCH_EMAILS, issue descriptions via GITHUB_GET_AN_ISSUE, and page content via NOTION_FETCH_BLOCK_CONTENTS. This creates a surface for indirect prompt injection where malicious instructions embedded in external content could influence the agent's behavior.
    • Ingestion points: External data enters the agent context through multiple tool execution endpoints (Gmail, GitHub, Notion, Google Drive/Docs/Sheets).
    • Boundary markers: The skill does not provide instructions for using boundary markers or delimiters to isolate untrusted external content.
    • Capability inventory: The skill allows the execution of shell commands via curl and supports the creation and execution of Python scripts.
    • Sanitization: No sanitization or validation logic is specified for data retrieved from external sources.
  • [COMMAND_EXECUTION]: The skill instructs the agent to use curl for interacting with the internal gateway API (http://composio-gateway.flycast).
  • [COMMAND_EXECUTION]: The skill encourages the dynamic generation and execution of local Python scripts to automate recurring tool interactions and complex workflows.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 10:28 AM