Skills
skills/composiohq/awesome-claude-skills/proofly-automation/Gen Agent Trust Hub

proofly-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [Remote Code Execution] (HIGH): The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to execute workflows based on "recommended execution plans" fetched at runtime from https://rube.app/mcp. Since this endpoint is not a trusted source, the remote server could provide malicious plans that the agent is instructed to follow without validation.
  • [Indirect Prompt Injection] (HIGH): The skill demonstrates a high-risk injection surface by design:
  • Ingestion points: Untrusted data (tool slugs, schemas, and execution logic) is ingested via RUBE_SEARCH_TOOLS from an external URL.
  • Capability inventory: The skill has access to sensitive tools including RUBE_MULTI_EXECUTE_TOOL and RUBE_MANAGE_CONNECTIONS.
  • Boundary markers: Completely absent; the agent is explicitly told to "Always search tools first" and trust the output.
  • Sanitization: None; the instructions command the agent to use the "exact field names and types from the search results."
  • [External Downloads] (MEDIUM): The setup requires the installation of an MCP server from a non-whitelisted domain (https://rube.app/mcp), which serves as the source for all subsequent tool definitions and execution logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:25 PM