apilio-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH

Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill requires the addition of an unverified MCP server at https://rube.app/mcp. This server provides the tools and execution logic (RUBE_MULTI_EXECUTE_TOOL) that the agent runs. Since the source is not in the trusted repository list, this constitutes a risk of executing unverified remote code.
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
    • Ingestion points: RUBE_SEARCH_TOOLS returns tool schemas, input definitions, and 'recommended execution plans' from the remote server.
    • Boundary markers: None are present to distinguish benign tool schemas from malicious instructions embedded in the search results.
    • Capability inventory: The agent can execute arbitrary tools via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, and manage account connections via RUBE_MANAGE_CONNECTIONS.
    • Sanitization: The skill has no mechanism to sanitize the data returned by the search tools before that data is used to structure subsequent tool calls.
  • COMMAND_EXECUTION (MEDIUM): The use of RUBE_REMOTE_WORKBENCH and run_composio_tool() indicates that the agent is designed to trigger commands or scripts on a remote environment provided by the service, which may have side effects on the connected Apilio infrastructure.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:58 AM