Skills
skills/composiohq/awesome-claude-skills/Uploadcare Automation/Gen Agent Trust Hub

Uploadcare Automation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill processes untrusted data (file names, metadata) from the Uploadcare API via the UPLOADCARE_LIST_FILES and UPLOADCARE_GET_FILE_INFO tools.
  • Ingestion points: File metadata, specifically file names and descriptions retrieved during listing or inspection (SKILL.md).
  • Boundary markers: None present. There are no instructions for the agent to ignore or delimit instructions found within file metadata.
  • Capability inventory: The skill can store files (UPLOADCARE_STORE_FILE) and generate download URLs, providing a path for the agent to act on malicious instructions embedded in file names.
  • Sanitization: No evidence of metadata sanitization or validation before presenting to the agent.
  • [External Downloads] (MEDIUM): The skill requires the installation of the rube MCP server from https://rube.app/mcp. This is an external remote dependency from an unverified source not included in the Trusted External Sources list.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 12:35 AM