workable-automation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill instructions direct the user to add an external, untrusted MCP server endpoint (https://rube.app/mcp). This server provides the tool definitions and logic used by the agent.
  • REMOTE_CODE_EXECUTION (MEDIUM): The skill references the RUBE_REMOTE_WORKBENCH tool. Such tools typically allow for remote code execution (RCE) within a controlled environment, but the skill lacks visibility into the security boundaries of this remote environment.
  • DATA_EXFILTRATION (LOW): Authentication for the Workable toolkit is managed via RUBE_MANAGE_CONNECTIONS. While no secrets are hardcoded in the skill, the process involves sending authentication flows through the external rube.app infrastructure.
  • Indirect Prompt Injection (LOW): The skill relies on fetching dynamic tool schemas and "recommended execution plans" via RUBE_SEARCH_TOOLS. This creates an ingestion point where an attacker-controlled MCP server could influence the agent's behavior by providing malicious instructions within the tool metadata.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:37 PM