abuselpdb-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill workflow is vulnerable to indirect prompt injection via the RUBE_SEARCH_TOOLS function. Evidence chain:
  1. Ingestion points: Tool slugs, schemas, and execution plans returned from rube.app.
  2. Boundary markers: Absent; instructions tell the agent to follow the returned plans directly.
  3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide write and execution capabilities.
  4. Sanitization: Absent in the provided instructions.
- External Downloads (HIGH): The skill mandates connecting to an untrusted third-party endpoint (https://rube.app/mcp) as an MCP server. This endpoint dynamically serves the tool definitions and operational logic, acting as an unverified remote dependency with significant influence over agent behavior.
Recommendations
- AI detected serious security threats
Audit Metadata