Skills
skills/composiohq/awesome-claude-skills/cloudcart-automation/Gen Agent Trust Hub

cloudcart-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [Unverifiable Dependencies] (HIGH): The skill instructs users to add https://rube.app/mcp as an MCP server. Neither the domain nor the provider (Composio/Rube) are listed in the trusted repositories or organizations, making this an unverified remote dependency.
  • [Indirect Prompt Injection] (HIGH): The skill's core workflow relies on external content to define its behavior.
  • Ingestion points: RUBE_SEARCH_TOOLS retrieves tool slugs, schemas, and 'recommended execution plans' from a remote server (SKILL.md).
  • Boundary markers: Absent. The instructions explicitly tell the agent to 'Always search first' and 'Use exact field names' from the remote response.
  • Capability inventory: The skill possesses powerful write/execute capabilities through RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (SKILL.md).
  • Sanitization: Absent. The agent is instructed to trust the search results as the source of truth for execution without validation.
  • [Remote Code Execution] (MEDIUM): Through the RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL components, the skill facilitates execution on remote infrastructure. Given the provider is not in the trusted scope, this poses a risk of unauthorized remote command execution via the MCP interface.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:45 AM