Skills
skills/composiohq/awesome-claude-skills/google_admin-automation/Gen Agent Trust Hub

google_admin-automation

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONNO_CODE
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the addition of an external MCP server via https://rube.app/mcp. As this domain is not on the trusted provider list, it introduces a potential supply-chain risk where the MCP provider could theoretically intercept administrative actions or data.\n- [DATA_EXFILTRATION] (LOW): The skill performs operations on sensitive directory data including users, groups, and emails. While these are intended administrative tasks, the data flows through the third-party rube.app service, representing a potential exposure surface.\n- [Indirect Prompt Injection] (LOW): \n
  • Ingestion points: Processes user and group data via GOOGLE_ADMIN_LIST_USERS and GOOGLE_ADMIN_LIST_GROUPS.\n
  • Boundary markers: Absent; the instructions do not specify delimiters for data returned from the API.\n
  • Capability inventory: High-impact tools including GOOGLE_ADMIN_CREATE_USER, GOOGLE_ADMIN_DELETE_USER, and GOOGLE_ADMIN_SUSPEND_USER.\n
  • Sanitization: None specified; the skill assumes the agent or the MCP server handles potentially malicious content within directory fields.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 18, 2026, 01:44 AM