autobound-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill ingests untrusted instructions via the RUBE_SEARCH_TOOLS endpoint.
    1. Ingestion points: RUBE_SEARCH_TOOLS returns 'recommended execution plans'.
    2. Boundary markers: Absent; instructions direct the agent to follow returned schemas and plans.
    3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide execution capabilities.
    4. Sanitization: Absent.
  • [Remote Code Execution] (HIGH): The use of RUBE_REMOTE_WORKBENCH with run_composio_tool() enables the execution of tools and logic in a remote environment.
  • [External Downloads] (MEDIUM): The skill requires adding an unverified MCP server (https://rube.app/mcp) that is not associated with a trusted source.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:31 AM