Security Audit
breezy-hr-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
breezy-hr-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. The findings are "Potential for arbitrary command execution via RUBE_REMOTE_WORKBENCH" (critical), "Unsanitized user input passed to tool parameters" (high), and "Broad access to sensitive HR operations without scope limitation" (high).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Potential for arbitrary command execution via `RUBE_REMOTE_WORKBENCH`. The skill references `RUBE_REMOTE_WORKBENCH`, invoked through `run_composio_tool()`, for "Bulk ops". The name "workbench" usually denotes a flexible execution environment and "bulk ops" implies powerful capabilities; the finding rests on that naming and stated purpose rather than on observed behaviour. Without explicit sandboxing or strict input validation, such a tool could allow arbitrary command or code execution (command injection), and it is an excessive permission if the workbench can act beyond the skill's intended scope. Recommendation: document the exact capabilities and security model of `RUBE_REMOTE_WORKBENCH`; if it can run arbitrary code or shell commands, remove it or restrict it heavily; enforce strict input validation and sandboxing; and instruct the LLM to use it only for predefined, safe operations. | LLM | SKILL.md:69 |
| HIGH | Unsanitized user input passed to tool parameters. The skill instructs the LLM to call `RUBE_SEARCH_TOOLS` with a `queries` parameter containing `use_case: "your specific Breezy HR task"`. If that value is taken directly from untrusted user input without sanitization or validation, a malicious user could inject instructions or data that manipulate `RUBE_SEARCH_TOOLS` or the underlying search mechanism. `RUBE_MULTI_EXECUTE_TOOL` takes `arguments` that are schema-compliant but still shaped by user intent, so it carries a similar risk. Recommendation: validate and sanitize every user-provided parameter before it reaches a tool call; use an allow-list for `use_case` or a strictly defined format; and give the LLM explicit instructions for handling untrusted input in these parameters. | LLM | SKILL.md:39 |
| HIGH | Broad access to sensitive HR operations without scope limitation. The skill instructs the LLM to discover and execute tools from the `breezy_hr` toolkit via Rube MCP, which grants access to every available Breezy HR operation, potentially including sensitive actions such as managing employees, payroll or confidential data. The skill defines no scope limitation and no least-privilege boundary, so a malicious prompt or a misread request could lead the LLM to perform unintended or unauthorized actions. Recommendation: expose only the tools each use case needs through fine-grained access control on the `breezy_hr` toolkit; instruct the LLM to follow least privilege and request only the permissions a task requires; and prefer a tool manifest that explicitly lists allowed operations over dynamic discovery of the whole toolkit. | LLM | SKILL.md:33 |
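The three findings share one remedy that the table only describes: a static manifest of permitted operations instead of open-ended toolkit discovery, an allow-list for the `use_case` search parameter, and per-argument validation enforced before anything reaches `run_composio_tool()`. The Python below is an added example of such a policy gate, not the skill's or SkillShield's code. The `BREEZY_HR_*` tool names, their argument fields and the `use_case` strings are hypothetical placeholders rather than Composio's real identifiers, and the batch it screens is constructed input.

```python
"""Policy gate for tool calls proposed by an LLM skill (added example).

Implements the recommendations in the findings: a closed manifest of
allowed operations, an explicit deny list, an allow-list for use_case,
and per-argument validators. Tool names and fields are hypothetical.
"""
import re
from dataclasses import dataclass

_ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def _is_id(value) -> bool:
    """Opaque identifier: short, and no quotes, spaces or control chars."""
    return isinstance(value, str) and bool(_ID_RE.fullmatch(value))


def _is_note(value) -> bool:
    """Free text is allowed, but bounded and free of control characters."""
    return isinstance(value, str) and 1 <= len(value) <= 2000 and value.isprintable()


# Hypothetical manifest: the only operations the skill may execute, the exact
# argument keys each accepts, and a validator per key. Anything not listed is
# denied, which replaces dynamic discovery of the whole breezy_hr toolkit.
ALLOWED_TOOLS = {
    "BREEZY_HR_LIST_CANDIDATES": {"position_id": _is_id},
    "BREEZY_HR_GET_CANDIDATE": {"candidate_id": _is_id},
    "BREEZY_HR_ADD_CANDIDATE_NOTE": {"candidate_id": _is_id, "note": _is_note},
}

# Tools the skill must never reach, checked before the manifest.
DENIED_TOOLS = {"RUBE_REMOTE_WORKBENCH"}

# Closed set of use_case strings for RUBE_SEARCH_TOOLS; the caller maps the
# user's request onto one of these instead of forwarding their text verbatim.
ALLOWED_USE_CASES = {
    "list candidates for a position",
    "fetch a candidate profile",
    "add a note to a candidate",
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def check_search_query(query: dict) -> Decision:
    """Validate one RUBE_SEARCH_TOOLS query object before it is sent."""
    use_case = query.get("use_case")
    if use_case not in ALLOWED_USE_CASES:
        return Decision(False, f"use_case not in allow-list: {use_case!r}")
    extra = set(query) - {"use_case"}
    if extra:
        return Decision(False, f"unexpected query fields: {sorted(extra)}")
    return Decision(True, "ok")


def check_tool_call(tool: str, arguments) -> Decision:
    """Validate a single tool invocation against deny list and manifest."""
    if tool in DENIED_TOOLS:
        return Decision(False, f"{tool} is explicitly denied")
    spec = ALLOWED_TOOLS.get(tool)
    if spec is None:
        return Decision(False, f"{tool} is not in the skill manifest")
    if not isinstance(arguments, dict):
        return Decision(False, "arguments must be an object")
    unknown = set(arguments) - set(spec)
    if unknown:
        return Decision(False, f"unknown arguments: {sorted(unknown)}")
    missing = set(spec) - set(arguments)
    if missing:
        return Decision(False, f"missing arguments: {sorted(missing)}")
    for key, validator in spec.items():
        if not validator(arguments[key]):
            return Decision(False, f"argument {key!r} failed validation")
    return Decision(True, "ok")


def gate_multi_execute(calls):
    """Screen a RUBE_MULTI_EXECUTE_TOOL batch. Fails closed: rejected calls
    are dropped and reported; only the approved subset may be executed."""
    approved, rejected = [], []
    for call in calls:
        decision = check_tool_call(call.get("tool", ""), call.get("arguments", {}))
        if decision.allowed:
            approved.append(call)
        else:
            rejected.append((call, decision.reason))
    return approved, rejected


if __name__ == "__main__":
    # Constructed batch: one legitimate call, a workbench escape attempt,
    # an out-of-manifest HR operation, and an injected identifier.
    batch = [
        {"tool": "BREEZY_HR_GET_CANDIDATE", "arguments": {"candidate_id": "cand_01HXYZ"}},
        {"tool": "RUBE_REMOTE_WORKBENCH", "arguments": {"command": "cat /etc/passwd"}},
        {"tool": "BREEZY_HR_DELETE_POSITION", "arguments": {"position_id": "pos_42"}},
        {"tool": "BREEZY_HR_GET_CANDIDATE", "arguments": {"candidate_id": "x' OR 1=1 --"}},
    ]
    ok, bad = gate_multi_execute(batch)
    for call in ok:
        print("EXECUTE", call["tool"], call["arguments"])
    for call, why in bad:
        print("REJECT ", call["tool"], "->", why)
```

The gate sits between the model's proposed calls and `run_composio_tool()`, so the manifest, not the model's discretion, decides what the skill can do; unknown or extra argument keys are rejected as well, since a permissive schema is where injected parameters hide.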
Full report: https://skillshield.io/report/a83f2e5999b59581
Powered by SkillShield