Security Audit
formsite-automation
Source: github.com/ComposioHQ/awesome-claude-skills

Trust Assessment
formsite-automation received a trust score of 71/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Potential Prompt Injection in RUBE_SEARCH_TOOLS 'use_case', Risk of Command Injection or Excessive Permissions via RUBE_MULTI_EXECUTE_TOOL arguments, High Risk of Command Injection or Excessive Permissions via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Risk of Command Injection or Excessive Permissions via RUBE_MULTI_EXECUTE_TOOL arguments | The `RUBE_MULTI_EXECUTE_TOOL` function allows the LLM to execute Formsite tools with `arguments` that are derived from user input and tool schemas. Although the skill instructs the LLM to use 'schema-compliant args,' a sophisticated prompt injection attack could trick the LLM into generating malicious arguments. If these arguments are not strictly validated by the underlying Formsite toolkit against the expected schema and sanitized, they could lead to unauthorized actions, data manipulation, or even command execution within the Formsite environment, depending on the capabilities of the specific Formsite tools. | Implement strict server-side validation of all `arguments` passed to `RUBE_MULTI_EXECUTE_TOOL` against the tool's schema. Ensure that the underlying Formsite tools enforce the principle of least privilege and sanitize all inputs before processing. The LLM should be explicitly instructed and fine-tuned to prioritize schema compliance and security over user requests that deviate from safe parameters. | LLM | SKILL.md:58 |
| HIGH | High Risk of Command Injection or Excessive Permissions via RUBE_REMOTE_WORKBENCH | The `RUBE_REMOTE_WORKBENCH` tool, particularly with `run_composio_tool()`, is described for 'Bulk ops' and implies a powerful execution environment. If the arguments or the specific tool to be run via `run_composio_tool()` can be influenced by untrusted user input, this presents a significant risk. A malicious user could potentially instruct the LLM to execute arbitrary Composio tools or pass dangerous arguments, leading to command injection, unauthorized data access, or other critical security breaches within the Composio ecosystem. The term 'workbench' suggests a broad scope of capabilities that might not be adequately constrained. | Restrict the capabilities of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()` to a predefined set of safe operations and strictly validate all inputs. Ensure that this tool operates with the principle of least privilege. If possible, avoid exposing such a powerful 'workbench' tool to direct LLM control based on untrusted user input without multiple layers of human approval or strict sandboxing. | LLM | SKILL.md:90 |
| MEDIUM | Potential Prompt Injection in RUBE_SEARCH_TOOLS 'use_case' | The `RUBE_SEARCH_TOOLS` function takes a `use_case` parameter (e.g., `queries: [{use_case: "your specific Formsite task"}]`) which is intended to be dynamically filled by the LLM based on user input. If the underlying system processing this `use_case` is an LLM or a search engine susceptible to prompt injection, a malicious user prompt could manipulate the search query. This could lead to unexpected tool discovery results, influence the LLM's subsequent actions, or potentially leak information about available tools or internal system workings. | Implement robust input validation and sanitization for the `use_case` parameter before it is processed by any underlying LLM or search system. Ensure `RUBE_SEARCH_TOOLS` is resilient to prompt injection attempts by strictly defining the scope of acceptable `use_case` values or by using a non-LLM-based search mechanism. | LLM | SKILL.md:49 |