Skills
skills/composiohq/awesome-claude-skills/happy-scribe-automation/Gen Agent Trust Hub

happy-scribe-automation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill relies on dynamically discovered schemas and execution plans from an external MCP server, which presents an attack surface for indirect prompt injection.
  • Ingestion points: Data returned from the RUBE_SEARCH_TOOLS endpoint, specifically the tool_slug and arguments used in subsequent tool calls.
  • Boundary markers: The skill lacks instructions or delimiters to isolate untrusted tool metadata from the agent's core logic.
  • Capability inventory: The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, providing significant execution capabilities based on external input.
  • Sanitization: There is no evidence of validation or sanitization for the schemas retrieved from the remote server before they are used to generate execution arguments.
  • External Dependency (LOW): The skill requires connection to a third-party MCP server (https://rube.app/mcp). While this is the intended architecture, it introduces a dependency on an external service not listed in the trusted repository scope.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:42 PM