Composio

The skill bundle is classified as suspicious due to the inclusion of highly privileged capabilities, specifically `COMPOSIO_REMOTE_WORKBENCH` and `COMPOSIO_REMOTE_BASH_TOOL` described in `skill.md`. These tools allow for arbitrary Python code execution (including helper functions like `upload_local_file` for potential data exfiltration and `proxy_execute` for direct API calls to connected services) and arbitrary Bash command execution within a persistent sandbox. While these capabilities are presented as legitimate features for advanced automation, they introduce significant risk if the AI agent is compromised via prompt injection, potentially leading to unauthorized data access, exfiltration, or control over connected applications.