Security Audit
tisane-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
tisane-automation received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Prompt Injection and Arbitrary Tool Execution via Rube MCP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Prompt Injection and Arbitrary Tool Execution via Rube MCP | LLM | SKILL.md:36 |

Finding detail: The skill documentation instructs the LLM to use Rube MCP tools such as `RUBE_SEARCH_TOOLS`, `RUBE_MULTI_EXECUTE_TOOL`, and `RUBE_REMOTE_WORKBENCH`. These tools accept user-controlled inputs (e.g., `use_case` for search queries and `arguments` for tool execution). Without strict input validation and sanitization, a malicious user prompt could inject instructions into these parameters. This could lead to:
1. **Prompt Injection:** Manipulating `RUBE_SEARCH_TOOLS` to discover unintended tools or internal system details, potentially revealing sensitive information about the Rube MCP or Tisane environment.
2. **Arbitrary Tool Execution:** Crafting arguments for `RUBE_MULTI_EXECUTE_TOOL` to execute unauthorized Tisane operations, leading to data exfiltration, modification, or other unauthorized actions within the Tisane system.
3. **Excessive Permissions:** The `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` implies a broad capability for executing arbitrary functions within the Composio ecosystem, which, if exposed to untrusted input, presents a significant security risk.

Remediation: Implement robust input validation and sanitization for all user-provided inputs passed to Rube MCP tools, especially `use_case` and `arguments`. Consider whitelisting allowed operations, tool slugs, or argument patterns where possible. Ensure the LLM's output for these parameters is carefully reviewed and constrained before execution. If `RUBE_REMOTE_WORKBENCH` allows arbitrary code execution, its usage should be severely restricted or removed from the skill's capabilities.
Powered by SkillShield