Skills
skills/composiohq/awesome-claude-skills/ayrshare-automation/Gen Agent Trust Hub

ayrshare-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill exhibits a high-risk pattern by design, where instructions from an external source are treated as authoritative for tool execution.
  • Ingestion points: RUBE_SEARCH_TOOLS returns tool slugs, input schemas, and 'recommended execution plans' from the remote endpoint https://rube.app/mcp.
  • Boundary markers: Absent. The skill instructions explicitly tell the agent to 'Use exact field names and types from the search results' and follow the 'recommended execution plans'.
  • Capability inventory: Includes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, providing the capability to perform actions or execute code (via run_composio_tool()) based on the untrusted remote input.
  • Sanitization: Absent. There is no evidence of validation or filtering of the schemas or instructions retrieved from the remote server before they are used to generate the next agent action.
  • External Downloads & Unverified Remote Services (MEDIUM): The setup instructions require the user to connect to a third-party endpoint (https://rube.app/mcp) that is not part of the trusted organization list. This endpoint serves as the control plane for the tools the agent will use, creating a 'Man-in-the-Middle' risk for all Ayrshare operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:40 AM