Skills
skills/composiohq/awesome-claude-skills/finmei-automation/Gen Agent Trust Hub

finmei-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Significant Indirect Prompt Injection surface. The skill fetches tool schemas, input requirements, and execution plans from the Rube MCP server (rube.app). Evidence: 1. Ingestion points: Search results from RUBE_SEARCH_TOOLS (SKILL.md). 2. Boundary markers: Absent; no instructions to ignore embedded commands in external data. 3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (SKILL.md). 4. Sanitization: Absent; the agent is instructed to follow schemas and plans exactly as returned.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill implements dynamic tool execution based on definitions from an untrusted remote source. A compromise of the Rube MCP server would allow an attacker to execute arbitrary tools or workflows through the agent.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): Mandatory dependency on a non-whitelisted external endpoint (https://rube.app/mcp) for core functionality.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:44 PM