onedesk-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill requires connecting to an untrusted MCP server at https://rube.app/mcp. This server is not on the trusted sources list and serves as the primary controller for the skill's logic.
  • [PROMPT_INJECTION] (HIGH): The skill implements a pattern (Category 8: Indirect Prompt Injection) where it explicitly instructs the agent to fetch and follow 'recommended execution plans' from the remote server. This allows the remote server to inject instructions that the agent will treat as authoritative.
      • Ingestion points: RUBE_SEARCH_TOOLS returns data from an external API.
      • Boundary markers: None. The agent is told to 'Always discover available tools before executing'.
      • Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH allow the execution of actions based on the fetched data.
      • Sanitization: None detected.
  • [COMMAND_EXECUTION] (MEDIUM): The skill utilizes tools like RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL to perform automated tasks on the Onedesk platform. While these are 'tools', their specific behavior and arguments are defined at runtime by the responses from the untrusted rube.app endpoint.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:03 PM