sendfox-automation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • Dynamic Execution (MEDIUM): The skill relies on RUBE_SEARCH_TOOLS to fetch tool slugs and schemas at runtime from a remote server. This is a form of dynamic execution where the agent's actions are determined by data received from an external source.
      • Evidence: The instructions explicitly state 'Always search tools first for current schemas' and 'Never hardcode tool slugs or arguments'.
  • Unverifiable Dependencies (LOW): The skill requires the addition of an external MCP server https://rube.app/mcp. While associated with the Composio service, this is a third-party dependency not explicitly on the trusted list.
      • Evidence: 'Add https://rube.app/mcp as an MCP server in your client configuration.'
  • Indirect Prompt Injection Surface (LOW): The skill processes untrusted data (tool schemas and execution plans) from a remote API and immediately uses that data to perform actions via RUBE_MULTI_EXECUTE_TOOL.
      • Ingestion points: RUBE_SEARCH_TOOLS (SKILL.md)
      • Boundary markers: None present.
      • Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH (SKILL.md)
      • Sanitization: No sanitization or validation of the remote schema is mentioned.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:42 PM