Skills
skills/composiohq/awesome-claude-skills/grist-automation/Gen Agent Trust Hub

grist-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [External Downloads] (HIGH): The skill requires connecting to an external MCP endpoint (https://rube.app/mcp). This domain is not within the defined trust scope. Any instructions, schemas, or logic provided by this endpoint are executed with the agent's permissions.
  • [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to poisoning via external tool registries.
  • Ingestion points: RUBE_SEARCH_TOOLS fetches dynamic schemas and recommended execution plans from the external server (SKILL.md).
  • Boundary markers: Absent. Instructions explicitly tell the agent to 'Always search tools first' and 'Use exact field names and types from the search results.'
  • Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide significant execution capabilities (SKILL.md).
  • Sanitization: None. The agent is instructed to follow instructions returned by the external search tool.
  • [Command Execution] (MEDIUM): The skill's workflow is driven by dynamically fetched tool slugs via RUBE_MULTI_EXECUTE_TOOL. This can lead to the execution of unintended or malicious commands if the external registry is compromised or malicious.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:46 PM