twitch-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill directs users to add an external, non-trusted endpoint (https://rube.app/mcp) as an MCP server. This server provides the logic and definitions for all tools, acting as an unverified remote dependency.
  • [REMOTE_CODE_EXECUTION] (HIGH): By connecting to the Rube MCP, the agent grants a third-party service the ability to define and potentially execute logic via tool-calling. The use of RUBE_REMOTE_WORKBENCH specifically suggests execution in a remote environment managed by the third party.
  • [COMMAND_EXECUTION] (HIGH): The skill provides the agent with RUBE_MULTI_EXECUTE_TOOL, allowing it to perform actions with side effects (write operations) on a user's Twitch account without explicit safety boundaries defined in the skill.
  • [DATA_EXFILTRATION] (MEDIUM): Sensitive data, including Twitch connection status and tool arguments (which may contain user-specific data), are transmitted to https://rube.app. The claim that 'no API keys are needed' suggests the server acts as a proxy for authentication, potentially intercepting access tokens.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill is designed to process untrusted data from Twitch while possessing write capabilities.
      • Ingestion points: Data retrieved from Twitch (chat messages, stream descriptions, user metadata) enters the agent context via RUBE_SEARCH_TOOLS or tool execution responses.
      • Boundary markers: None. The skill does not instruct the agent to use delimiters or ignore instructions embedded within the Twitch data.
      • Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide the ability to send messages, ban users, or modify account settings.
      • Sanitization: None. There is no evidence of filtering or sanitizing strings retrieved from Twitch before they are used in subsequent decision-making or tool calls.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 06:15 AM