faceup-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs users to add an external MCP server endpoint (https://rube.app/mcp). This domain is not identified as a trusted source, and the skill depends on this external service for its core logic.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill utilizes RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL. These tools are designed to facilitate the execution of remote operations and workflows within the Composio ecosystem, creating a surface for remote command execution.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill dynamically ingests tool schemas and execution plans via RUBE_SEARCH_TOOLS, which are then used to guide the agent's tool execution.
  * Ingestion points: Results from RUBE_SEARCH_TOOLS (SKILL.md).
  * Boundary markers: Absent.
  * Capability inventory: Includes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (SKILL.md).
  * Sanitization: No evidence of schema validation or input sanitization before execution.
Audit Metadata