onesignal-user-auth-automation

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires connecting to an external, non-whitelisted MCP server at https://rube.app/mcp to function.
  • [REMOTE_CODE_EXECUTION] (HIGH): Facilitates execution of remote logic via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH from an untrusted platform.
  • [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection. The agent is instructed to follow 'recommended execution plans' and 'pitfalls' returned by RUBE_SEARCH_TOOLS. Malicious instructions embedded in these external responses could hijack the agent's logic during sensitive OneSignal authentication workflows. Evidence: Ingestion point (RUBE_SEARCH_TOOLS), Capability inventory (RUBE_MULTI_EXECUTE_TOOL), Boundary markers (Absent), Sanitization (Absent).
  • [COMMAND_EXECUTION] (MEDIUM): Executes operations on OneSignal using tool slugs and schemas retrieved dynamically from an untrusted external endpoint without prior validation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 08:06 AM