composio-search-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [External Downloads] (HIGH): Requires configuration of an external, untrusted MCP server endpoint (https://rube.app/mcp) to function.
- [Prompt Injection] (HIGH): High risk of indirect prompt injection. The skill instructs the agent to fetch and follow 'recommended execution plans' and 'schemas' from an external source, allowing the remote service to influence agent logic.
  - Ingestion points: Data returned from RUBE_SEARCH_TOOLS.
  - Boundary markers: Absent; the skill explicitly directs the agent to prioritize search results over hardcoded logic.
  - Capability inventory: Execution of tools via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH.
  - Sanitization: Absent; no validation or filtering of remote content is performed before interpolation into execution steps.
- [Remote Code Execution] (HIGH): By allowing a remote server to define the 'tool_slug' and 'arguments' for execution, the skill enables a form of remote control where the third-party service dictates which commands are run on the user's system.
Recommendations
- AI detected serious security threats
Audit Metadata