codeinterpreter-automation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs users to add an external MCP server endpoint (https://rube.app/mcp). This domain is not part of the trusted organization list and acts as a gateway for all tool interactions.
  • REMOTE_CODE_EXECUTION (MEDIUM): The skill's primary purpose is to execute code via the codeinterpreter toolkit through RUBE_MULTI_EXECUTE_TOOL. This allows for remote execution of code on infrastructure managed by the MCP provider.
  • DATA_EXFILTRATION (LOW): Using a remote MCP server and managing connections via RUBE_MANAGE_CONNECTIONS inherently routes data through the third-party service, which could include sensitive interaction history or session details.
  • PROMPT_INJECTION (LOW): The skill exhibits a surface for Indirect Prompt Injection (Category 8).
      • Ingestion points: RUBE_SEARCH_TOOLS fetches dynamic schemas and instructions from the remote server.
      • Boundary markers: None specified in the instructions to prevent the agent from obeying instructions embedded in the fetched schemas.
      • Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide significant execution capabilities.
      • Sanitization: No sanitization of the remote tool descriptions or schemas is mentioned before they are used to plan workflows.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:31 PM