Skills
skills/composiohq/awesome-claude-skills/proxiedmail-automation/Gen Agent Trust Hub

proxiedmail-automation

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill creates a significant attack surface by processing untrusted data from emails via Proxiedmail.
  • Ingestion points: Incoming emails retrieved through the Proxiedmail toolkit.
  • Boundary markers: Absent. There are no instructions to use delimiters or to treat email content as untrusted data.
  • Capability inventory: The skill uses RUBE_MULTI_EXECUTE_TOOL for arbitrary tool execution and RUBE_REMOTE_WORKBENCH for executing tasks in a remote environment.
  • Sanitization: Absent. There is no mention of filtering or validating content before it is processed by the LLM or tools.
  • [Unverifiable Dependencies] (MEDIUM): The skill requires connecting to an external MCP server at https://rube.app/mcp. This domain is not on the trusted sources list, making it an unverified remote dependency.
  • [Remote Code Execution] (MEDIUM): The RUBE_REMOTE_WORKBENCH tool, specifically mentioned with run_composio_tool(), provides a mechanism for dynamic task execution that could be exploited if the agent follows instructions embedded in malicious emails.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 08:01 AM