polygon-automation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill instructs the agent to connect to an external MCP endpoint at https://rube.app/mcp. This source is not on the pre-approved trusted list and serves as the primary provider of tool logic and schemas.
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill relies on untrusted external data to determine agent behavior.
      • Ingestion points: Tool slugs, input schemas, and "recommended execution plans" are dynamically retrieved from RUBE_SEARCH_TOOLS.
      • Boundary markers: Absent. The instructions explicitly tell the agent to follow the returned execution plans.
      • Capability inventory: Includes blockchain transaction execution via RUBE_MULTI_EXECUTE_TOOL and remote environment access via RUBE_REMOTE_WORKBENCH.
      • Sanitization: No validation or sanitization of the remote tool definitions is mentioned.
  • [REMOTE_CODE_EXECUTION] (LOW): The skill references RUBE_REMOTE_WORKBENCH, which facilitates remote operations. While this is part of the intended functionality (Polygon automation), it represents a high-privilege capability that executes instructions defined by a remote server.
  • [COMMAND_EXECUTION] (LOW): The skill facilitates the execution of complex blockchain operations. This is the primary purpose of the skill, but it warrants caution as the execution parameters are determined at runtime from an external source.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:46 PM