wolfram-alpha-api-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs users to add an external MCP server from https://rube.app/mcp. This source and the associated service provider (Composio/Rube) are not within the trusted entity list, making the dependency unverifiable.
  • [PROMPT_INJECTION] (HIGH): The skill has a significant attack surface for Indirect Prompt Injection.
    * Ingestion points: API responses from Wolfram Alpha processed through RUBE_MULTI_EXECUTE_TOOL.
    * Boundary markers: Absent. There are no instructions to the agent to treat incoming data as untrusted or to use delimiters to prevent instruction hijacking.
    * Capability inventory: RUBE_MULTI_EXECUTE_TOOL for multi-tool execution and RUBE_REMOTE_WORKBENCH for remote operations.
    * Sanitization: Absent. The skill lacks validation or filtering of external API content before it is used in subsequent agent reasoning or tool calls.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The RUBE_REMOTE_WORKBENCH tool allows the agent to orchestrate or execute remote tasks via an external provider's infrastructure, which introduces risks of arbitrary execution or data exposure if the middleman is compromised.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:27 AM