cats-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH

Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill relies on fetching tool schemas, pitfalls, and execution plans from an external endpoint via RUBE_SEARCH_TOOLS and instructs the agent to execute tools based on this untrusted data.
    • Ingestion points: Data returned by RUBE_SEARCH_TOOLS from the rube.app endpoint (SKILL.md).
    • Boundary markers: Absent; the agent is explicitly told to search tools first and follow the returned schemas and execution plans without skepticism.
    • Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide execution capabilities on the 'Cats' platform (SKILL.md).
    • Sanitization: Absent; no validation or escaping is applied to the tool slugs or arguments retrieved from the external source.
  • External Downloads (MEDIUM): The skill requires connecting to an external MCP server at https://rube.app/mcp, which is not a trusted source and acts as a remote dependency for all operations.
  • Remote Code Execution (MEDIUM): RUBE_REMOTE_WORKBENCH combined with run_composio_tool() indicates a pattern of executing complex logic and tools on a remote workbench environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 07:45 AM