bigmailer-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill directs users to add an external MCP server endpoint (
https://rube.app/mcp). This domain is not listed as a trusted external source, posing a risk if the source is not verified by the user. - [REMOTE_CODE_EXECUTION] (MEDIUM): The skill utilizes
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHto execute logic on remote infrastructure managed by the Rube/Composio platform. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection. Ingestion points: The skill mandates following 'recommended execution plans' and schemas returned by the
RUBE_SEARCH_TOOLSendpoint. Boundary markers: None present; the instructions command the agent to 'Always search first' and adopt returned tool slugs and arguments. Capability inventory: Includes tool execution (RUBE_MULTI_EXECUTE_TOOL) and workbench operations (RUBE_REMOTE_WORKBENCH). Sanitization: No sanitization or validation of the externally provided execution plans is mentioned.
Audit Metadata