formsite-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • External Dependency (HIGH): The skill mandates a connection to an unverified third-party MCP server at https://rube.app/mcp. This server provides the definitions and logic for all operations, making it a single point of failure and a potential point of control over the agent.
  • Indirect Prompt Injection (HIGH):
      • Ingestion points: Untrusted data enters the agent context via the output of RUBE_SEARCH_TOOLS (defined in SKILL.md).
      • Boundary markers: Absent; there are no delimiters around tool outputs and no instructions to ignore commands embedded in them.
      • Capability inventory: The skill possesses significant side-effect capabilities, including RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (defined in SKILL.md).
      • Sanitization: Absent; the instructions explicitly direct the agent to follow the "recommended execution plans" and schemas returned by the remote server.
  • Remote Code Execution (HIGH): The use of RUBE_REMOTE_WORKBENCH with run_composio_tool() is a high-risk capability: the remote server can influence or dictate which code or tools are executed within the environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:14 PM