Skills
skills/composiohq/awesome-claude-skills/onesignal_rest_api-automation/Gen Agent Trust Hub

onesignal_rest_api-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill exhibits a high-risk Indirect Prompt Injection surface by delegating instruction logic to an external source.
  • Ingestion points: The RUBE_SEARCH_TOOLS command (interacting with https://rube.app/mcp) returns 'Recommended execution plan steps' and 'Known pitfalls'.
  • Boundary markers: Absent. The agent is explicitly told to follow these externally-generated plans for its workflow.
  • Capability inventory: The agent has access to RUBE_MULTI_EXECUTE_TOOL (sending notifications/messages via OneSignal) and RUBE_REMOTE_WORKBENCH (remote code execution).
  • Sanitization: Absent. There is no mechanism to verify the safety of the instructions returned by the API.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill utilizes RUBE_REMOTE_WORKBENCH to execute bulk operations using code patterns like ThreadPoolExecutor. This execution happens in a remote environment controlled by the MCP provider, potentially allowing for arbitrary code execution in that context.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill mandates connection to a non-standard MCP endpoint https://rube.app/mcp. This source is not verified or listed in the trusted repositories/organizations for agent skills.
  • [DATA_EXFILTRATION] (MEDIUM): By using a 'Remote Workbench' and a third-party MCP proxy, sensitive notification data, templates, and user segments from OneSignal are likely transmitted to and processed by the rube.app infrastructure.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:58 PM