-21risk-automation
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the user to add 'https://rube.app/mcp' as a remote MCP server. This endpoint is not within the trusted source list and serves as the source for dynamic tool schemas and execution plans.
- COMMAND_EXECUTION (HIGH): Use of 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH' provides capabilities to modify external data (21risk). This creates a high-risk surface for unauthorized actions if the tool definitions are compromised.
- PROMPT_INJECTION (HIGH): This skill is vulnerable to Indirect Prompt Injection (Category 8). Mandatory Evidence Chain: 1. Ingestion: Ingests tool definitions and execution plans via 'RUBE_SEARCH_TOOLS'. 2. Boundaries: No delimiters are used to isolate untrusted tool schemas from instructions. 3. Capabilities: Write access to 21risk operations and remote workbench execution. 4. Sanitization: Absent.
- Dynamic Execution (MEDIUM): Tool slugs and arguments are derived at runtime from external search results, making the agent's behavior dependent on remote content.
Recommendations
- AI detected serious security threats
Audit Metadata