Skills
skills/composiohq/awesome-claude-skills/pdf4me-automation/Gen Agent Trust Hub

pdf4me-automation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONNO_CODE
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill requires the user to add 'https://rube.app/mcp' as an MCP server. This introduces a dependency on a non-whitelisted third-party service provider.
  • [PROMPT_INJECTION] (LOW): The skill has a surface for indirect prompt injection (Category 8). Ingestion points: The agent is instructed to fetch tool schemas and 'recommended execution plans' dynamically via the RUBE_SEARCH_TOOLS tool. Boundary markers: Absent; there are no instructions to the agent to treat the fetched plans as untrusted content or to ignore potential embedded commands. Capability inventory: The skill uses RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, which allow for the execution of remote logic based on the fetched plans. Sanitization: Absent; the instructions direct the agent to follow the returned schemas and execution plans exactly as provided by the API.
  • [NO_CODE] (SAFE): The skill consists entirely of markdown instructions and metadata; it does not ship with any executable scripts or binary files.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:36 PM