The Agent Skills Directory

EXTERNAL_DOWNLOADS (MEDIUM): The skill requires adding a third-party MCP server endpoint (https://rube.app/mcp) to the agent configuration. This domain is not recognized as a trusted external source.- REMOTE_CODE_EXECUTION (MEDIUM): The use of RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH facilitates the execution of logic hosted on a remote server. The agent dynamically loads and executes tool slugs based on runtime discovery from an external source.- DATA_EXFILTRATION (LOW): The skill performs network operations to non-whitelisted domains (rube.app, baserow) to manage connections and execute workflows, potentially exposing session data or operational metadata.- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it ingests tool schemas and execution plans from a remote search tool. Evidence: (1) Ingestion points: RUBE_SEARCH_TOOLS responses in SKILL.md. (2) Boundary markers: Absent; no instructions to ignore instructions inside schemas. (3) Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH. (4) Sanitization: No sanitization or validation of remote schemas described.

baserow-automation