Skills
skills/composiohq/awesome-claude-skills/exa-automation/Gen Agent Trust Hub

exa-automation

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill requires connecting to an external MCP server at https://rube.app/mcp. This server is not on the pre-approved list of trusted sources.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection. It instructs the agent to follow 'recommended execution plans' and 'known pitfalls' retrieved dynamically from the remote RUBE_SEARCH_TOOLS endpoint.
  • Ingestion points: Data returned from RUBE_SEARCH_TOOLS in SKILL.md.
  • Boundary markers: Absent. There are no instructions to the agent to treat the remote tool schemas or plans as untrusted data.
  • Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH, and RUBE_MANAGE_CONNECTIONS allow for complex remote operations.
  • Sanitization: Absent. The agent is encouraged to use exact field names and types from search results without validation.
  • [COMMAND_EXECUTION] (LOW): The skill facilitates remote tool execution via RUBE_MULTI_EXECUTE_TOOL. While this is the intended purpose, the reliance on dynamically fetched remote schemas for execution increases the risk of the agent being led to perform unintended actions if the remote server is compromised.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 19, 2026, 04:04 AM