abstract-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill requires adding an external MCP server from https://rube.app/mcp. This is an untrusted source that provides the definitions and logic for the agent's tools, posing a risk of remote logic manipulation.
- [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to indirect prompt injection (Category 8). Ingestion points: Data retrieved from Abstract via tools (SKILL.md). Boundary markers: Absent (SKILL.md); there are no instructions to delimit or ignore instructions found in external project content. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (SKILL.md) provide significant write and execution permissions. Sanitization: Absent (SKILL.md); the skill does not validate or sanitize data before it influences agent behavior. This allows malicious data in Abstract to potentially hijack the agent's workflow and execute unauthorized operations.
Recommendations
- AI detected serious security threats
Audit Metadata