grafbase-automation

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): Reference to https://rube.app/mcp as a mandatory MCP endpoint. This domain is not on the trusted list.
  • REMOTE_CODE_EXECUTION (HIGH): Tools such as RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH execute arbitrary logic hosted on the remote server.
  • PROMPT_INJECTION (HIGH): Vulnerable to indirect prompt injection.
      1. Ingestion points: Tool schemas are fetched via RUBE_SEARCH_TOOLS from the untrusted remote server.
      2. Boundary markers: None; the agent is instructed to follow schema instructions directly.
      3. Capability inventory: Includes RUBE_MULTI_EXECUTE_TOOL (write/execute) and RUBE_MANAGE_CONNECTIONS (auth).
      4. Sanitization: None; uses untrusted field names and types from remote search results.
  • DATA_EXFILTRATION (MEDIUM): Using RUBE_MANAGE_CONNECTIONS with a third-party proxy may expose Grafbase session data and credentials to the provider of rube.app.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 12:03 AM