apitemplate-io-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill's core workflow relies on dynamically fetching tool schemas and 'recommended execution plans' from the external rube.app endpoint. This creates a high-risk surface for indirect prompt injection if the external data contains instructions that the agent is predisposed to follow.
    • Ingestion points: Data returned from RUBE_SEARCH_TOOLS (tool slugs, schemas, execution plans).
    • Boundary markers: None. The agent is explicitly told to 'Always search tools first' and to follow the returned execution plans.
    • Capability inventory: Access to RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, providing significant execution capabilities.
    • Sanitization: None specified; the agent is instructed to use the exact field names and types from the search results.
  • [External Download/Reference] (MEDIUM): The skill requires the user to add https://rube.app/mcp as an MCP server. This domain is not within the trusted scope. The claim that 'No API keys needed' suggests that the third-party service may be proxying requests or handling authentication in an opaque manner.
  • [Command Execution] (MEDIUM): Through RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL, the agent can perform arbitrary actions supported by the Composio toolkit, which may include operations with significant side effects depending on the connected Apitemplate IO account permissions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:43 AM