Security Audit
prisma-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
prisma-automation received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include: Broad access to Prisma database operations; Unpinned Rube MCP dependency; Undocumented `RUBE_REMOTE_WORKBENCH` functionality poses injection risk.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Details | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Broad access to Prisma database operations | The skill grants extensive access to Prisma operations via `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`. These tools can perform full CRUD (Create, Read, Update, Delete) operations on the connected database. While this is the intended functionality, it means a malicious prompt could instruct the LLM to perform unauthorized data manipulation or exfiltration if not properly constrained by the LLM's internal safeguards or the Rube MCP's access controls. The skill documentation itself does not specify any granular permission limitations, making it a high-privilege skill. | Implement fine-grained access control within the Rube MCP or Composio platform for Prisma operations. Ensure the LLM is strictly sandboxed and cannot be prompted to perform actions outside its intended scope. Consider adding explicit warnings about the power of these tools and requiring human approval for sensitive operations. | LLM | SKILL.md:50 |
| HIGH | Undocumented `RUBE_REMOTE_WORKBENCH` functionality poses injection risk | The skill documentation mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops' but provides no details or examples of its usage. The terms 'workbench' and 'run_composio_tool()' strongly suggest a capability to execute arbitrary code or complex commands. If this tool allows unvalidated user input to be executed as code or interpreted as commands, it presents a significant command injection or prompt injection vulnerability, potentially allowing an attacker to execute arbitrary commands on the underlying system or manipulate the Rube MCP's internal logic. | Provide clear and comprehensive documentation for `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`, including input schemas, expected behavior, and security implications. Implement strict input validation and sanitization for all arguments passed to this tool to prevent command or prompt injection. If it allows arbitrary code execution, it should be explicitly flagged as such and restricted to trusted environments with robust sandboxing. | LLM | SKILL.md:78 |
| MEDIUM | Unpinned Rube MCP dependency | The skill's manifest declares a dependency on the 'rube' MCP without specifying a version (`"mcp": ["rube"]`). This unpinned dependency means that updates to the 'rube' MCP could introduce breaking changes, vulnerabilities, or even malicious code without explicit review or consent, posing a supply chain risk. Relying on the latest version without pinning can lead to unexpected behavior or security compromises. | Pin the 'rube' MCP dependency to a specific, known-good version in the skill's manifest to ensure stability and security. Regularly review and update dependencies to mitigate supply chain risks. | LLM | SKILL.md:1 |
Full report: https://skillshield.io/report/6f07120b0169017c
Powered by SkillShield