weathermap-automation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill requires the user to add an external MCP server endpoint https://rube.app/mcp. This domain is not included in the Trusted GitHub Organizations or Repositories list.
  • [COMMAND_EXECUTION] (LOW): The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to execute tools defined and hosted by the remote MCP server.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it instructs the agent to search for and follow tool schemas and execution plans provided by the external server.
      • Ingestion points: Tool definitions, input schemas, and execution plans are retrieved from the RUBE_SEARCH_TOOLS response via the rube.app endpoint.
      • Boundary markers: Absent; the instructions explicitly tell the agent to use the returned data to define its actions, without specific delimiters or warnings to ignore instructions embedded in those schemas.
      • Capability inventory: The skill provides access to RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH, and RUBE_MANAGE_CONNECTIONS for remote execution and session management.
      • Sanitization: None; the skill encourages using the exact field names and types provided by the remote search results.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:38 PM