email-automation (verified)

Audit result: Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Risk tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS

Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to ingest and follow instructions, tool schemas, and "recommended execution plans" from a remote source via RUBE_SEARCH_TOOLS.
  • Ingestion points: The output of RUBE_SEARCH_TOOLS in SKILL.md directly informs the agent's next steps.
  • Boundary markers: Absent. The instructions encourage the agent to "Always search tools first" and follow the returned plans without validation.
  • Capability inventory: Includes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, providing significant side-effect capabilities based on remote input.
  • Sanitization: Absent. There is no mention of validating tool slugs or argument schemas returned by the server.
  • External Dependencies (HIGH): The setup instructions require adding an unverified external endpoint (https://rube.app/mcp) as a core component of the agent's environment. This endpoint is not on the list of trusted sources and effectively controls the logic of the skill.
  • Dynamic Execution (MEDIUM): The skill uses RUBE_MULTI_EXECUTE_TOOL to run tool slugs discovered at runtime. This dynamic execution of remote-defined logic bypasses static analysis of what the skill actually does.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 06:46 AM