Skills
skills/composiohq/awesome-claude-skills/woodpecker-co-automation/Gen Agent Trust Hub

woodpecker-co-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill requires connecting to an external, unverified MCP server at https://rube.app/mcp. This server provides the tools and instructions that govern the agent's behavior.
  • [REMOTE_CODE_EXECUTION] (HIGH): Through RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, the skill executes logic provided by the remote MCP endpoint. The agent's actions are determined by tool slugs and schemas fetched at runtime from an external source.
  • [PROMPT_INJECTION] (HIGH): High risk of Indirect Prompt Injection (Category 8). The workflow requires calling RUBE_SEARCH_TOOLS to retrieve 'recommended execution plans' and 'schemas'. This content is ingested directly into the agent's context and used to drive decision-making.
  • Ingestion points: RUBE_SEARCH_TOOLS response (SKILL.md)
  • Boundary markers: Absent; the agent is instructed to blindly use exact field names and recommended plans.
  • Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH (can modify state in Woodpecker.co account).
  • Sanitization: Absent.
  • [COMMAND_EXECUTION] (MEDIUM): The use of RUBE_REMOTE_WORKBENCH with run_composio_tool() implies a capability for executing complex logic or potentially shell-like commands within the remote environment provided by Composio.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:43 AM