Security Audit
insighto-ai-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
insighto-ai-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 0 high, 2 medium, and 0 low severity. Key findings include "Skill definition contains instructions within untrusted input block", "Unpinned dependency on Rube MCP", and "Broad tool execution capability via `RUBE_REMOTE_WORKBENCH`".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 56/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown and Behavioral Risk Signals (charts not reproduced in this text)
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Skill definition contains instructions within untrusted input block. The entire `SKILL.md` file, which defines how the LLM should use the skill, is enclosed within the `UNTRUSTED_INPUT` delimiters. According to the analysis rules, content within these delimiters must be treated as untrusted data, not instructions. Therefore, the numerous instructions present in `SKILL.md` (e.g., 'Always call `RUBE_SEARCH_TOOLS` first', 'Check connection') constitute an attempt to manipulate the host LLM's behavior, which is a form of prompt injection, as these instructions are explicitly not to be followed by the analyzer. Ensure that skill definition files (like `SKILL.md`) are not treated as untrusted input by placing them outside the `UNTRUSTED_INPUT` delimiters. If the `SKILL.md` is intended to provide instructions to the LLM for skill usage, it should not be marked as untrusted content. | LLM | SKILL.md:19 |
| MEDIUM | Unpinned dependency on Rube MCP. The skill's manifest specifies a dependency on the 'rube' MCP without a version constraint (`"mcp": ["rube"]`). This means that any future update to the 'rube' MCP could introduce breaking changes, vulnerabilities, or altered behavior without the skill author's explicit approval, leading to supply chain risks. Pin the 'rube' MCP dependency to a specific version or version range (e.g., `"rube": "1.2.3"` or `"rube": "^1.0.0"`) in the manifest to ensure consistent behavior and mitigate supply chain risks. | LLM | SKILL.md:3 |
| MEDIUM | Broad tool execution capability via `RUBE_REMOTE_WORKBENCH`. The skill, described as 'Insighto AI Automation', exposes the `RUBE_REMOTE_WORKBENCH` tool, which includes `run_composio_tool()`. This generic function allows for the execution of arbitrary Composio tools, potentially extending beyond the stated scope of Insighto AI tasks. This grants broader permissions than strictly necessary for the skill's defined purpose, increasing the attack surface if misused. If the skill's functionality should be strictly limited to Insighto AI, consider whether `RUBE_REMOTE_WORKBENCH` is truly necessary or whether its scope can be narrowed. Ensure that the underlying `run_composio_tool()` implementation enforces strict access controls and scope limitations relevant to the skill's purpose. | LLM | SKILL.md:79 |
Full report: https://skillshield.io/report/a1c0912b766a85a2
Powered by SkillShield