composio-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH

Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill requires the installation of an external MCP server from an untrusted source (https://rube.app/mcp). This server provides the tool definitions and execution logic, creating a pathway for remote code execution via tools like RUBE_REMOTE_WORKBENCH.
  • [Indirect Prompt Injection] (HIGH):
    • Ingestion points: The skill dynamically ingests tool slugs, input schemas, and execution plans from the RUBE_SEARCH_TOOLS function, which queries the untrusted rube.app server.
    • Boundary markers: None present. The instructions explicitly tell the agent to "Always search tools first" and use the returned schemas for execution, effectively granting the external server control over the agent's actions.
    • Capability inventory: The skill possesses high-impact capabilities including RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, which can perform broad automation tasks.
    • Sanitization: No sanitization or validation of the externally provided tool schemas or plans is mentioned or implemented.
  • [Command Execution] (MEDIUM): The use of RUBE_REMOTE_WORKBENCH to run tools indicates a capability to execute complex, multi-step automations or scripts on a remote environment managed by the untrusted provider.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 07:38 AM