Skills
skills/composiohq/awesome-claude-skills/sendbird-automation/Gen Agent Trust Hub

sendbird-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to indirect prompt injection because it instructs the agent to fetch and follow 'recommended execution plans' and tool schemas from a remote, untrusted server (rube.app).
  • Ingestion points: The RUBE_SEARCH_TOOLS function fetches tool slugs, schemas, and plans from an external API.
  • Boundary markers: Absent. The instructions command the agent to 'Always search first' and follow the returned schemas and plans without validation.
  • Capability inventory: The skill provides RUBE_MULTI_EXECUTE_TOOL which can perform write operations (Sendbird automation) and RUBE_MANAGE_CONNECTIONS which handles authentication state.
  • Sanitization: None. The agent is encouraged to use exact field names and types from the untrusted search results.
  • [Unverifiable Dependencies] (MEDIUM): The skill requires adding https://rube.app/mcp as an MCP server. This domain is not a trusted source. Adding a remote MCP endpoint allows a third party to define the executable capabilities of the agent at runtime.
  • [Data Exposure & Exfiltration] (MEDIUM): All automation tasks and connection management for Sendbird are routed through the rube.app infrastructure. This exposes sensitive communication data and potentially authentication tokens to the third-party service provider.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:46 PM