Security Audit
pdf4me-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
pdf4me-automation received a trust score of 90/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 2 medium, and 0 low severity. The key findings are a broad execution capability exposed via `RUBE_REMOTE_WORKBENCH` and a potential tool argument injection via `RUBE_MULTI_EXECUTE_TOOL`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Broad execution capability via RUBE_REMOTE_WORKBENCH | LLM | SKILL.md:96 |
| MEDIUM | Potential for tool argument injection via RUBE_MULTI_EXECUTE_TOOL | LLM | SKILL.md:67 |

Finding 1: Broad execution capability via RUBE_REMOTE_WORKBENCH (MEDIUM, LLM layer, SKILL.md:96)
SKILL.md describes using `RUBE_REMOTE_WORKBENCH` together with `run_composio_tool()` for 'Bulk ops'. This implies a powerful, potentially broad execution capability that could allow complex or arbitrary operations across the Composio ecosystem, not only Pdf4me. Without details on the scope and sandboxing of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`, this is a potential excessive-permissions issue: an agent could be instructed to perform actions beyond the intended scope of Pdf4me automation.
Recommendation: document the exact capabilities and limitations of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure strong sandboxing, access controls, and input validation are in place for this tool. Instruct the agent explicitly on its safe and intended use, and monitor its invocations.

Finding 2: Potential for tool argument injection via RUBE_MULTI_EXECUTE_TOOL (MEDIUM, LLM layer, SKILL.md:67)
SKILL.md describes calling `RUBE_MULTI_EXECUTE_TOOL` with arguments that are expected to be 'schema-compliant'. If the agent takes untrusted user input and maps it directly into those arguments without validation or sanitization, an attacker can craft input that manipulates the `arguments` dictionary and causes the underlying Pdf4me API call to perform unintended actions.
Recommendation: implement strict input validation and sanitization for any user-provided data used to construct arguments for `RUBE_MULTI_EXECUTE_TOOL`. The agent should be explicitly instructed to validate all external inputs before passing them as tool arguments. Validate against a strict schema (for example with a schema validation library) and reject, rather than silently drop, anything the schema does not declare.
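The following is an added example illustrating the mitigations recommended for both findings above: an allowlist of tool slugs the skill may route to (so a request for `RUBE_REMOTE_WORKBENCH` is refused at the gate), plus strict schema validation of untrusted input before it becomes the `arguments` dictionary for a tool call. It is not code from the pdf4me-automation skill, Composio, or SkillShield. The tool slugs, the schema shape, the field names and the sample inputs are constructed for illustration; the real RUBE_* tool schemas are assumed to be comparable in shape.

```python
"""Policy gate for agent-initiated tool calls (added example, not project code).

Two checks run before anything reaches the tool runtime:
  1. the requested tool slug must be on a small allowlist scoped to Pdf4me;
  2. the untrusted arguments must match a declared schema exactly, with
     unknown keys rejected rather than dropped.
Tool slugs, schemas and sample inputs are constructed for this example.
"""
from __future__ import annotations

from typing import Any

# Constructed: the only tool slugs this skill is allowed to invoke.
ALLOWED_TOOLS: frozenset[str] = frozenset({
    "PDF4ME_CONVERT_TO_PDF",
    "PDF4ME_MERGE",
})

# Constructed, hypothetical schemas in a JSON-Schema-like shape.
TOOL_SCHEMAS: dict[str, dict[str, Any]] = {
    "PDF4ME_CONVERT_TO_PDF": {
        "required": ["docName", "docContent"],
        "properties": {
            "docName": {"type": str, "maxLength": 255},
            "docContent": {"type": str, "maxLength": 10_000_000},
            "quality": {"type": str, "enum": ["draft", "standard", "high"]},
        },
    },
    "PDF4ME_MERGE": {
        "required": ["docContents"],
        "properties": {
            "docContents": {
                "type": list,
                "maxItems": 50,
                "items": {"type": str, "maxLength": 10_000_000},
            },
        },
    },
}


class ToolPolicyError(ValueError):
    """Raised when a requested tool call violates the allowlist or its schema."""


def _check_value(name: str, value: Any, spec: dict[str, Any]) -> None:
    """Type, length and enum checks for one argument (recursing into lists)."""
    expected = spec["type"]
    # bool is a subclass of int in Python; never let it satisfy another type.
    if isinstance(value, bool) and expected is not bool:
        raise ToolPolicyError(f"{name}: boolean not allowed")
    if not isinstance(value, expected):
        raise ToolPolicyError(
            f"{name}: expected {expected.__name__}, got {type(value).__name__}")
    if expected is str:
        if len(value) > spec.get("maxLength", 65536):
            raise ToolPolicyError(f"{name}: exceeds maxLength")
        if "\x00" in value:
            raise ToolPolicyError(f"{name}: contains NUL byte")
        if "enum" in spec and value not in spec["enum"]:
            raise ToolPolicyError(f"{name}: not one of {spec['enum']}")
    elif expected is list:
        if len(value) > spec.get("maxItems", 100):
            raise ToolPolicyError(f"{name}: exceeds maxItems")
        for i, item in enumerate(value):
            _check_value(f"{name}[{i}]", item, spec["items"])


def build_tool_call(tool_slug: str, untrusted: dict[str, Any]) -> dict[str, Any]:
    """Return {"tool_slug": ..., "arguments": {...}} or raise ToolPolicyError.

    Only keys the schema names are copied into the arguments dict, and any
    extra key is an error, so untrusted input cannot smuggle in additional
    API parameters.
    """
    if tool_slug not in ALLOWED_TOOLS:
        raise ToolPolicyError(f"tool {tool_slug!r} is not in the allowlist")
    schema = TOOL_SCHEMAS[tool_slug]
    props = schema["properties"]

    unknown = set(untrusted) - set(props)
    if unknown:
        raise ToolPolicyError(f"unexpected argument(s): {sorted(unknown)}")
    missing = [k for k in schema["required"] if k not in untrusted]
    if missing:
        raise ToolPolicyError(f"missing required argument(s): {missing}")

    arguments: dict[str, Any] = {}
    for key, value in untrusted.items():
        _check_value(key, value, props[key])
        arguments[key] = value
    return {"tool_slug": tool_slug, "arguments": arguments}


def is_permitted(tool_slug: str, untrusted: dict[str, Any]) -> bool:
    """True if the call passes policy, False otherwise."""
    try:
        build_tool_call(tool_slug, untrusted)
        return True
    except ToolPolicyError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: one benign request, three that must be refused.
    print("accepted:", build_tool_call(
        "PDF4ME_CONVERT_TO_PDF", {"docName": "report.docx", "docContent": "UEsDBBQ..."}))
    for slug, args in [
        ("PDF4ME_CONVERT_TO_PDF",
         {"docName": "x.docx", "docContent": "...", "webhookUrl": "http://attacker.example"}),
        ("PDF4ME_CONVERT_TO_PDF", {"docName": ["x.docx"], "docContent": "..."}),
        ("RUBE_REMOTE_WORKBENCH", {}),
    ]:
        try:
            build_tool_call(slug, args)
        except ToolPolicyError as exc:
            print("rejected:", exc)
```

The gate deliberately rejects unknown keys instead of filtering them out: a silent drop hides the fact that someone tried to inject a parameter, while a hard failure can be logged and surfaced, which also covers the monitoring recommendation for the workbench tool.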
Full report: https://skillshield.io/report/a1aa205d9ffd36c6
Powered by SkillShield