sms-alert-automation
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of an unverified MCP server from https://rube.app/mcp. This domain is not within the trusted repository or organization list and serves as the primary gateway for all operations.
- REMOTE_CODE_EXECUTION (MEDIUM): Uses RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL to perform operations. These functions delegate logic execution to a remote environment controlled by the unverified MCP provider.
- COMMAND_EXECUTION (MEDIUM): The core functionality involves run_composio_tool() calls through a remote workbench, which allows arbitrary tool execution within the context of the SMS Alert toolkit.
- DATA_EXFILTRATION (LOW): While not explicitly exfiltrating local files, the architecture requires all SMS data (recipient numbers and message content) to be transmitted to the rube.app endpoint, which acts as a middleman. The lack of API key requirements suggests the provider has visibility into all traffic.
- INDIRECT PROMPT INJECTION (MEDIUM): The skill is designed to dynamically fetch tool schemas and 'recommended execution plans' from RUBE_SEARCH_TOOLS. An attacker controlling the remote server could provide malicious schemas or plans to manipulate the agent's behavior.
Audit Metadata