onesignal-user-auth-automation
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to add the Rube MCP server endpoint at
https://rube.app/mcp, which is used to provide tool definitions and execution capabilities. - [COMMAND_EXECUTION]: The skill leverages tools such as
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHto execute operations on the OneSignal platform via the remote MCP infrastructure. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to the dynamic ingestion of tool schemas and recommended execution plans from the remote server.
- Ingestion points: Data retrieved via
RUBE_SEARCH_TOOLSfrom the MCP server. - Boundary markers: None identified in the skill instructions.
- Capability inventory: File contains
RUBE_MULTI_EXECUTE_TOOL,RUBE_REMOTE_WORKBENCH, andRUBE_MANAGE_CONNECTIONSfor executing remote tasks and managing credentials. - Sanitization: There are no mentioned mechanisms for sanitizing or validating the schemas returned by the discovery tool.
Audit Metadata