Skills
skills/composiohq/awesome-claude-skills/dovetail-automation/Gen Agent Trust Hub

dovetail-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is highly susceptible to indirect prompt injection (Category 8).
  • Ingestion points: External data is ingested from Dovetail projects, notes, and insights via the toolkit.
  • Boundary markers: The skill documentation provides no instructions for using delimiters or boundary markers to isolate untrusted external content from the agent's core instructions.
  • Capability inventory: The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, which allow for state-changing actions (writing data, executing tools, or potentially running code) based on processed inputs.
  • Sanitization: There is no evidence of sanitization, validation, or filtering of the content retrieved from Dovetail before it is used to influence tool execution plans.
  • EXTERNAL_DOWNLOADS (LOW): The skill requires a connection to a remote MCP server at https://rube.app/mcp. While this is a known endpoint for the Rube/Composio ecosystem, it constitutes an external dependency on a non-whitelisted domain.
  • COMMAND_EXECUTION (MEDIUM): The inclusion of RUBE_REMOTE_WORKBENCH suggests the capability for more complex execution environments (shell access or runtime code execution) which increases the impact of any successful prompt injection attack.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:34 PM