exist-automation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill mandates adding an external MCP server (https://rube.app/mcp) which is not included in the list of trusted external sources. This introduces a dependency on unverified remote infrastructure.
  • COMMAND_EXECUTION (MEDIUM): The skill pattern relies on RUBE_MULTI_EXECUTE_TOOL to execute commands using tool slugs and schemas fetched dynamically at runtime. This allows the remote service to influence the agent's actions through the tool discovery phase.
  • PROMPT_INJECTION (LOW): Indirect prompt injection surface identified through remote tool discovery.
      ◦ Ingestion points: Data returned from RUBE_SEARCH_TOOLS, including 'recommended execution plans' and tool schemas.
      ◦ Boundary markers: Absent. The skill provides no instructions to treat remote tool definitions as untrusted or to ignore instructions embedded within the search results.
      ◦ Capability inventory: Execution of various toolkit operations through RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH.
      ◦ Sanitization: Absent. The agent is instructed to use exact field names and types from remote search results without validation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:46 PM