triggercmd-automation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill directs users to add https://rube.app/mcp as an MCP server. This domain is not in the trusted source list. This server is responsible for providing the schemas and logic that the agent will use.
  • COMMAND_EXECUTION (LOW): The skill is designed to interact with Triggercmd, which is a platform specifically for executing commands on remote computers. While this is the intended purpose, the capability is high-risk if the instructions provided by the MCP server are malicious.
  • DYNAMIC_EXECUTION (MEDIUM): The skill uses RUBE_SEARCH_TOOLS to fetch "recommended execution plans" and tool slugs at runtime. This means the agent's logic is not static and can be altered by the external server's response without user intervention.
  • INDIRECT_PROMPT_INJECTION (LOW):
      • Ingestion points: RUBE_SEARCH_TOOLS returns use-case specific data, including schemas and execution plans from an external API.
      • Boundary markers: None are specified; the agent is instructed to use the returned field names and types exactly.
      • Capability inventory: The skill can execute tools via RUBE_MULTI_EXECUTE_TOOL and perform bulk operations via RUBE_REMOTE_WORKBENCH.
      • Sanitization: No mention of sanitizing or validating the search results before passing them to the execution tools.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:34 PM