abyssale-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Threat categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and obey instructions from an external source without validation.
  - Ingestion points: The skill fetches 'input schemas, recommended execution plans, and known pitfalls' from the RUBE_SEARCH_TOOLS function via https://rube.app/mcp (SKILL.md).
  - Boundary markers: None present. The instructions command the agent to 'Use exact field names' and follow the 'recommended execution plans' returned by the remote server.
  - Capability inventory: The skill possesses the ability to execute tools (RUBE_MULTI_EXECUTE_TOOL) and run remote logic (RUBE_REMOTE_WORKBENCH) within the Abyssale toolkit context.
  - Sanitization: No sanitization or verification of the remote instructions is performed before execution.
- [External Downloads] (MEDIUM): The skill mandates the use of an external MCP server (https://rube.app/mcp) which is not on the trusted providers list. This server acts as the control plane for the skill's operations.
- [Remote Code Execution] (HIGH): The workflow uses RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to execute logic on remote infrastructure based on parameters and plans determined at runtime by an external API.
Recommendations
- AI detected serious security threats
Audit Metadata