Skills
skills/composiohq/awesome-claude-skills/beeminder-automation/Gen Agent Trust Hub

beeminder-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [External Downloads] (MEDIUM): The skill requires the installation of an external MCP server from https://rube.app/mcp. This domain is not a recognized trusted source. Connecting to untrusted MCP endpoints can expose the agent to malicious tool definitions or unexpected remote capabilities.
  • [Indirect Prompt Injection] (HIGH): The skill relies on data from the external MCP server to define its execution plan, creating a significant vulnerability surface.
  • Ingestion points: Data returned from RUBE_SEARCH_TOOLS and RUBE_GET_TOOL_SCHEMAS (SKILL.md).
  • Boundary markers: Absent. The instructions command the agent to "Always search first" and follow the "recommended execution plans" provided by the remote source.
  • Capability inventory: The RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH tools provide significant side-effect capabilities for modifying external account data (SKILL.md).
  • Sanitization: Absent. The instructions mandate using exact field names and types provided by the untrusted search results without validation.
  • [Command Execution] (MEDIUM): The skill uses dynamic tool discovery via RUBE_SEARCH_TOOLS to determine which tools to run. If the remote server returns a malicious tool slug or schema, the agent may execute unintended commands via RUBE_MULTI_EXECUTE_TOOL.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:35 AM