winston-ai-automation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
NO_CODE
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill is designed to ingest and act upon data retrieved from an external server at runtime via RUBE_SEARCH_TOOLS.
    • Ingestion points: Data enters the agent context through the RUBE_SEARCH_TOOLS response (referenced in SKILL.md).
    • Boundary markers: None mentioned; the instructions do not suggest using delimiters to separate retrieved schemas from system instructions.
    • Capability inventory: The skill uses RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to execute commands based on the ingested data.
    • Sanitization: No sanitization or validation of the remote schemas is mentioned.
  • [External References] (SAFE): The skill points to https://rube.app/mcp and composio.dev. While these are not in the predefined trusted source list, they are presented as the primary service endpoint for the skill's stated purpose and do not involve immediate remote script execution (curl|bash).
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:36 PM