echtpost-automation

Audit result: Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (HIGH): The skill directs the agent to connect to an external, untrusted MCP server at https://rube.app/mcp. This server provides the tool schemas and logic that the agent executes, effectively allowing a third party to control agent behavior and execute commands.
  • Indirect Prompt Injection (HIGH): There is a significant attack surface for indirect injection.
    • Ingestion points: RUBE_SEARCH_TOOLS and RUBE_GET_TOOL_SCHEMAS fetch data from the untrusted rube.app endpoint.
    • Boundary markers: None present in the instructions to prevent the agent from obeying instructions embedded in tool schemas.
    • Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide the ability to execute complex operations.
    • Sanitization: No evidence of sanitization of the external content before it is used to determine tool execution plans.
  • Dynamic Execution (MEDIUM): The use of RUBE_REMOTE_WORKBENCH and run_composio_tool() indicates a runtime environment where operations are dynamically constructed and executed based on external input.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 12:41 AM