Skills
skills/composiohq/awesome-claude-skills/documint-automation/Gen Agent Trust Hub

documint-automation

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill instructs the agent to 'Always search tools first' using RUBE_SEARCH_TOOLS and to follow the 'recommended execution plans' returned by the remote server. • Ingestion points: External metadata and instructions returned by the MCP server at https://rube.app/mcp. • Boundary markers: Absent. The skill contains no instructions to ignore or delimit potentially malicious natural language instructions embedded in the tool schemas or plans. • Capability inventory: High-privilege execution tools including RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH. • Sanitization: Absent. The agent is directed to use exact field names and types from the search results without validation.
  • External Downloads & Connections (MEDIUM): The skill requires connection to an external, non-whitelisted MCP endpoint (https://rube.app/mcp). This allows for the injection of unverifiable capabilities into the agent's runtime environment.
  • Command Execution (HIGH): The presence of RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL provides a mechanism for remote instruction execution. When coupled with the requirement to follow remote 'plans', this allows a remote attacker to influence agent actions on the host system.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 12:34 AM