moosend-automation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires adding an external, untrusted MCP server endpoint (https://rube.app/mcp) in the client configuration. This source is not among the verified or trusted organizations listed in the security guidelines.
  • COMMAND_EXECUTION (MEDIUM): The skill uses RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to execute operations based on dynamic schemas and 'execution plans' fetched from the external API, creating a path for remote logic to influence local agent actions.
  • INDIRECT_PROMPT_INJECTION (LOW):
      • Ingestion points: The agent is instructed to fetch tool schemas and recommended execution plans via RUBE_SEARCH_TOOLS from the external Rube API.
      • Boundary markers: Absent; the instructions tell the agent to 'always search tools first' and use the results to define its behavior without specifying validation steps.
      • Capability inventory: The skill can execute Moosend API operations and arbitrary toolkit logic through the multi-execute and workbench tools.
      • Sanitization: None mentioned; the agent is explicitly told to use the 'exact field names and types' provided by the remote search results.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:48 PM