appointo-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill directs the user to add 'https://rube.app/mcp' as an MCP server. This endpoint is not in the trusted sources list and provides the underlying tool definitions and logic for the agent.
  • PROMPT_INJECTION (HIGH): This skill is highly susceptible to Indirect Prompt Injection (Category 8).
      • Ingestion points: The agent is instructed to call RUBE_SEARCH_TOOLS to receive "recommended execution plans" and tool schemas from the remote server.
      • Boundary markers: None are present; the agent is told to "Always search tools first" and to use the results as the source of truth.
      • Capability inventory: The skill uses RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, which provide high-privilege execution capabilities on the external Appointo platform.
      • Sanitization: There is no mention of sanitizing or validating the plans returned by the remote service.
  • REMOTE_CODE_EXECUTION (HIGH): The combination of a remote MCP server defining tool logic and the agent's use of a 'Remote Workbench' allows for the execution of complex, potentially malicious workflows dictated by an untrusted external entity.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:11 AM