boldsign-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs the agent to connect to https://rube.app/mcp. This endpoint is not a trusted source and acts as the primary authority for the skill's logic and tool definitions.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill uses RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (via run_composio_tool()). These tools allow remote execution of operations defined by the untrusted MCP server.
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to indirect prompt injection (Category 8).
      • Ingestion points: External data from the RUBE_SEARCH_TOOLS call and document content retrieved from the Boldsign API (SKILL.md).
      • Boundary markers: Absent. The instructions explicitly tell the agent to follow 'recommended execution plans' and 'current tool schemas' from the remote server.
      • Capability inventory: High-impact write and execution capabilities, including document modification in Boldsign and arbitrary tool execution via RUBE_REMOTE_WORKBENCH.
      • Sanitization: None provided. The agent is directed to use exact field names and types provided by the external search results.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 07:56 AM