google-address-validation-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • External Dependencies (HIGH): The skill requires the user to add an untrusted MCP server endpoint (https://rube.app/mcp). This source is not on the trusted repositories or organizations list, posing a significant risk as the server controls the tool definitions available to the agent.
  • Dynamic Tool Execution (HIGH): The workflow relies on RUBE_SEARCH_TOOLS to fetch schemas and RUBE_MULTI_EXECUTE_TOOL to run them. Since the tool slugs and input requirements are fetched from an untrusted remote server at runtime, a malicious server response could trigger the execution of unintended commands or scripts on the agent's environment.
  • Indirect Prompt Injection (MEDIUM): The skill lacks boundary markers or sanitization for the data returned by the remote server. If the rube.app service is compromised, it could inject malicious instructions through the tool schemas or search results, which the agent would then process as valid instructions (Category 8).
  • Capability Inventory (INFO): The skill has the capability to manage connections, search for tools, and execute multiple tools simultaneously via the Rube MCP protocol. These broad capabilities increase the impact if the remote service is used for an attack.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:05 PM