loomio-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • External Dependencies (HIGH): The skill requires adding https://rube.app/mcp as an MCP server. This is an untrusted third-party endpoint that controls the logic and tools the agent will use. Per [TRUST-SCOPE-RULE], this is a high-risk external dependency.
  • Indirect Prompt Injection (HIGH): The skill processes data from Loomio, which is an attacker-controllable source. It also has the capability to execute actions via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH. This combination creates a high-severity vulnerability surface where malicious instructions inside Loomio threads could cause the agent to perform unauthorized operations.
    • Ingestion points: Data retrieved from Loomio via Rube tools (SKILL.md).
    • Boundary markers: None specified in the instructions.
    • Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH, and RUBE_MANAGE_CONNECTIONS (SKILL.md).
    • Sanitization: No evidence of input validation or sanitization for Loomio-sourced data.
  • Dynamic Tool Execution (MEDIUM): The workflow relies on RUBE_SEARCH_TOOLS to discover tool schemas at runtime. This allows the external server to dynamically influence the agent's execution plan and input parameters, which could be exploited to bypass intended restrictions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:40 PM