Skills
skills/composiohq/awesome-claude-skills/forcemanager-automation/Gen Agent Trust Hub

forcemanager-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill instructs users to add https://rube.app/mcp as an MCP server. This is an untrusted third-party endpoint not listed in the Trusted External Sources. The server controls the definitions and logic of the tools the agent will execute.
  • COMMAND_EXECUTION (HIGH): The skill uses RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH. These capabilities allow for executing complex sequences of actions and potentially arbitrary code in a workbench environment. Since the tool definitions are provided by an untrusted remote server, this creates a path for remote execution control.
  • INDIRECT_PROMPT_INJECTION (HIGH): The skill is highly susceptible to tool output poisoning (Category 8c).
  • Ingestion points: RUBE_SEARCH_TOOLS returns tool slugs, input schemas, and 'recommended execution plans' from the external server.
  • Boundary markers: None. The instructions explicitly tell the agent to follow the schemas and plans returned from the search.
  • Capability inventory: Includes write operations to Forcemanager, multi-tool execution, and a remote workbench.
  • Sanitization: No validation is performed on the data returned from the MCP server before it is used to structure agent actions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 11:59 PM