campaign-cleaner-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill creates a high-risk surface by processing untrusted data with high-privilege capabilities.
      • Ingestion points: The campaign_cleaner toolkit processes data from external marketing campaigns (e.g., email content, ad copy).
      • Boundary markers: There are no instructions to use delimiters or ignore embedded instructions within the campaign data.
      • Capability inventory: The skill has access to RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, enabling modification of data and execution of remote functions.
      • Sanitization: No sanitization or validation of the ingested campaign content is described.
  • [Remote Code Execution] (HIGH): The skill directs the agent to connect to an external, unverified MCP server and execute tools remotely.
      • Evidence: The instruction to use https://rube.app/mcp and the RUBE_REMOTE_WORKBENCH tool allows execution of logic on remote infrastructure not controlled by the user.
      • The 'No API keys needed' claim suggests a lack of standard credential-based access control for remote execution.
  • [Unverifiable Dependencies] (MEDIUM): Reliance on an external source not present in the Trusted External Sources list.
      • Evidence: The endpoint rube.app and toolkit campaign_cleaner are third-party services that have not been vetted for safety.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:36 AM