Skills
skills/composiohq/awesome-claude-skills/parseur-automation/Gen Agent Trust Hub

parseur-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • External Downloads & Unverifiable Dependencies (HIGH): The skill requires the user to add a remote MCP server from an untrusted source (https://rube.app/mcp). This server provides the logic and tool schemas at runtime, which is outside the control of the local environment and not from a verified organization.
  • Indirect Prompt Injection (HIGH):
  • Ingestion points: The skill is designed to automate 'Parseur operations', which typically involve processing untrusted data from emails, PDFs, and other documents.
  • Boundary markers: No delimiters or 'ignore instructions' warnings are provided to separate the parsed content from the agent's operational logic.
  • Capability inventory: The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, granting the agent broad execution and file-system-like capabilities via the Composio toolkit.
  • Sanitization: There is no evidence of sanitization or validation of the data returned by Parseur before it influences subsequent tool calls.
  • Dynamic Execution (MEDIUM): The workflow relies on RUBE_SEARCH_TOOLS to return 'recommended execution plans' and schemas at runtime. This allows a remote, untrusted server to dynamically influence the agent's decision-making and logic flow.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:32 PM