repairshopr-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs users to add https://rube.app/mcp as an MCP server. This domain is not included in the provided list of trusted external sources, requiring verification of the provider's security and data handling policies.
- REMOTE_CODE_EXECUTION (MEDIUM): The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to perform operations. These tools execute logic on a remote server managed by the Rube/Composio platform, which constitutes remote execution of third-party tooling.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes external data from Repairshopr.
- Ingestion points: Data retrieved from Repairshopr API via tool outputs.
- Boundary markers: Absent. The instructions do not mandate the use of delimiters or 'ignore' instructions for the agent when handling data from the toolkit.
- Capability inventory: The agent can perform write operations, execute multi-tool sequences, and access a remote workbench via the provided MCP tools.
- Sanitization: Absent. There is no mention of validating or escaping content retrieved from Repairshopr before it is interpreted by the LLM.
Audit Metadata