highlevel-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the addition of a remote MCP server at https://rube.app/mcp. This domain is not part of the trusted external sources list, posing a risk of supply-chain or endpoint compromise.
- REMOTE_CODE_EXECUTION (MEDIUM): The workflow utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to execute logic provided by the remote server. The agent is instructed to follow 'recommended execution plans' returned by the remote service, which effectively delegates control of the agent's actions to an external provider.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its reliance on external tool schemas.
  - Ingestion points: Data returned from RUBE_SEARCH_TOOLS, specifically the 'recommended execution plans' and 'known pitfalls' fields.
  - Boundary markers: None. The skill does not implement delimiters or instructions for the agent to ignore embedded commands in the tool output.
  - Capability inventory: The skill can perform CRM operations via highlevel tools, execute arbitrary code via RUBE_REMOTE_WORKBENCH, and manage connections.
  - Sanitization: None. The instructions mandate using the exact schemas and plans returned by the remote search.
Audit Metadata