Skills
skills/composiohq/awesome-claude-skills/zylvie-automation/Gen Agent Trust Hub

zylvie-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [External Remote Service] (MEDIUM): The skill instructions require adding an untrusted endpoint (https://rube.app/mcp) as an MCP server. This source host is not on the trusted sources list.
  • [Indirect Prompt Injection] (HIGH): The skill architecture ingests untrusted data that directly influences agent behavior and tool usage.
  • Ingestion points: RUBE_SEARCH_TOOLS retrieves schemas and recommended execution plans from the remote server.
  • Boundary markers: Absent; there are no instructions to the agent to isolate or treat the server output as data rather than instructions.
  • Capability inventory: The skill has access to RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, which allow for broad action execution and potential code execution.
  • Sanitization: Absent; the agent is told to follow the 'exact field names' and 'recommended execution plans' provided by the remote source.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:45 AM