Toggl Automation

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires users to add the rube MCP server (https://rube.app/mcp), which is not a recognized trusted source. This introduces a third-party dependency into the agent's environment, where all Toggl-related data and tool calls are proxied through an unverified external service.
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from the Toggl API (e.g., project names, tags, and descriptions) and incorporates it into the agent's context.
      • Ingestion points: SKILL.md specifies tools like TOGGL_GET_PROJECTS, TOGGL_GET_TAGS, and TOGGL_GET_LIST_CLIENTS that retrieve external data.
      • Boundary markers: None present. There are no instructions to the agent to treat retrieved data as untrusted or to ignore embedded commands.
      • Capability inventory: The skill includes state-changing operations such as TOGGL_CREATE_TIME_ENTRY and TOGGL_CREATE_PROJECT.
      • Sanitization: None present. Data from external API calls is passed directly to the agent without filtering or escaping.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 18, 2026, 01:44 AM