Skills
skills/composiohq/awesome-claude-skills/mem-automation/Gen Agent Trust Hub

mem-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill defines a workflow where the agent must fetch and follow instructions from an external source.
  • Ingestion points: The RUBE_SEARCH_TOOLS command retrieves "recommended execution plans" and "tool schemas" from https://rube.app/mcp.
  • Boundary markers: Absent. The skill instructions explicitly tell the agent to "Always search tools first" and use results to execute workflows, without any validation or delimiters.
  • Capability inventory: The skill allows for full automation of Mem tasks, including reading, writing, and bulk operations via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH.
  • Sanitization: Absent. There is no logic to sanitize or verify the "execution plans" provided by the remote server.
  • [EXTERNAL_DOWNLOADS / REMOTE_CODE_EXECUTION] (HIGH): The setup process requires adding https://rube.app/mcp as an MCP server. This source is not on the trusted list. Since MCP servers provide the executable logic for tools, this is equivalent to executing remote, unverified code.
  • [COMMAND_EXECUTION] (MEDIUM): Use of RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL provides a powerful execution surface for the remote server to leverage via the tool discovery mechanism.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:07 PM