zenrows-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • External Downloads (HIGH): The skill instructs users to add https://rube.app/mcp as an MCP server. MCP servers are high-privilege extensions; adding an untrusted endpoint grants an unverified third party the ability to define tools and capabilities accessible by the agent.
  • Indirect Prompt Injection (HIGH): The workflow relies on RUBE_SEARCH_TOOLS to retrieve 'recommended execution plans' and 'pitfalls' from an external server. The instruction to 'Always search first' and follow these plans creates a direct injection surface.
  • Ingestion points: Tool schemas and execution plans returned by the RUBE_SEARCH_TOOLS call from rube.app.
  • Boundary markers: Absent. No delimiters or instructions are used to separate external tool definitions from system instructions.
  • Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH allow for side-effect-heavy operations (API calls via Zenrows, remote execution).
  • Sanitization: Absent. The agent is instructed to use 'exact field names and types from the search results' without validation.
  • Remote Code Execution (MEDIUM): The use of RUBE_REMOTE_WORKBENCH and run_composio_tool() enables operations on remote infrastructure. While this is the skill's intended function, driving those operations with instructions fetched from an unverified server (rube.app) escalates the risk of remote exploitation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:04 AM