esignatures-io-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [Unverifiable Dependencies] (HIGH): The skill requires users to add https://rube.app/mcp as a remote MCP server. This endpoint is not within the trusted provider list. MCP servers can execute arbitrary code on the host or within the agent environment, making this equivalent to a remote code execution vector.
  • [Indirect Prompt Injection] (HIGH): The core workflow relies on RUBE_SEARCH_TOOLS to provide 'recommended execution plans' and 'tool slugs'.
  • Ingestion points: SKILL.md (lines 38-40) explicitly tells the agent to use plans and schemas returned from the external rube.app API at runtime.
  • Boundary markers: No delimiters or sanitization steps are defined to separate tool metadata from executable instructions.
  • Capability inventory: The skill possesses RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH capabilities, allowing it to perform write operations and execute remote logic based on the untrusted search results.
  • Sanitization: None provided. The agent is instructed to use the exact field names and types returned by the remote source.
  • [Data Exposure & Exfiltration] (MEDIUM): The skill manages authentication for esignatures_io. While it uses Composio's infrastructure, the reliance on a third-party MCP wrapper (rube.app) means sensitive signing tokens and document metadata are processed by an unverified intermediary.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:30 PM