airtable-automation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Data Exposure & Exfiltration] (LOW): The skill instructs the user to connect to an external MCP endpoint at rube.app. While this is the intended mechanism for the service, it involves sending agent control and data to a third-party domain not included in the trusted whitelist.
  • [Indirect Prompt Injection] (LOW): The skill creates a surface for indirect prompt injection by processing external data from Airtable records. Evidence:
      1. Ingestion points: Records are ingested via tools like AIRTABLE_LIST_RECORDS and AIRTABLE_GET_RECORD (SKILL.md).
      2. Boundary markers: None specified to delimit record content from instructions.
      3. Capability inventory: The agent has extensive write/delete permissions on Airtable bases and records.
      4. Sanitization: No sanitization or validation of record content is performed before processing.
  • [Unverifiable Dependencies] (LOW): The setup process requires adding a remote MCP server (rube.app). While this is a standard configuration for MCP-based skills, the logic executing the tools is hosted on an external server whose integrity cannot be verified through static analysis of the skill itself.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:03 PM