Skills
skills/composiohq/awesome-claude-skills/zoominfo-automation/Gen Agent Trust Hub

zoominfo-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [External Dependencies] (HIGH): The skill requires users to add https://rube.app/mcp as an MCP server. This domain is not within the trusted scope. The external server provides the tool definitions, schemas, and execution plans, effectively allowing the remote endpoint to control the agent's logic.
  • [Remote Code Execution] (HIGH): The RUBE_REMOTE_WORKBENCH tool allows for remote script or command execution via Composio. When combined with the untrusted MCP server, this presents a significant risk of arbitrary execution.
  • [Indirect Prompt Injection] (HIGH): The skill processes untrusted external data (Zoominfo profiles/leads) and has high-privilege capabilities.
  • Ingestion points: Zoominfo search results and profile data (SKILL.md).
  • Boundary markers: None; there are no instructions to delimit or ignore instructions within the Zoominfo data.
  • Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH, and connection management tools.
  • Sanitization: No sanitization or validation of the external content is performed before the agent uses it to decide on further tool calls.
  • [Data Exposure] (MEDIUM): Sensitive business information from Zoominfo and session management data are routed through the rube.app infrastructure, which is not a verified trusted entity.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 07:39 AM