passcreator-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill retrieves 'recommended execution plans' and tool schemas from the external https://rube.app/mcp endpoint via RUBE_SEARCH_TOOLS. This allows a remote attacker to inject malicious instructions directly into the agent's workflow.
  * Ingestion points: RUBE_SEARCH_TOOLS response (tool descriptions, execution plans).
  * Boundary markers: None present; the instructions explicitly direct the agent to follow search results.
  * Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH, RUBE_MANAGE_CONNECTIONS.
  * Sanitization: None.
- Unverifiable Dependencies (HIGH): The skill requires a connection to an unverified external MCP server (https://rube.app/mcp). This server supplies the primary logic and tool definitions, so a supply chain attack or compromise of that service would compromise the skill.
- Remote Code Execution (HIGH): The inclusion of RUBE_REMOTE_WORKBENCH indicates the capability to execute complex logic or code on a remote server controlled by a third party, bypassing local security controls.
Recommendations
- AI detected serious security threats