Skills
skills/composiohq/awesome-claude-skills/pexels-automation/Gen Agent Trust Hub

pexels-automation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the configuration of an external MCP server at https://rube.app/mcp. This domain is not included in the list of trusted GitHub organizations or verified providers, posing a supply-chain risk where the remote server could be altered without notice.
  • REMOTE_CODE_EXECUTION (MEDIUM): Through tools like RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL, the agent executes operations orchestrated by the remote server. If the server is compromised, it could provide malicious execution plans to the agent.
  • DYNAMIC_EXECUTION (MEDIUM): The instructions mandate calling RUBE_SEARCH_TOOLS to fetch schemas and execution plans at runtime. This creates a pattern where the agent's operational logic is entirely determined by untrusted remote data rather than static, reviewed code.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill ingests data from Pexels (external API results). While a standard function, this constitutes an attack surface for indirect prompt injection if the ingested content (e.g., image metadata) contains malicious instructions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:42 PM