accredible-certificates-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs users to connect to https://rube.app/mcp. This is an unverified third-party endpoint not included in the list of trusted providers. Connecting an agent to an external MCP server allows the remote host to provide tool definitions and logic that the agent will execute.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill utilizes RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL. These capabilities allow for the execution of complex workflows and potential code execution in a remote environment managed by the unverified provider.
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
      • Ingestion points: Data entering the agent context includes tool schemas from RUBE_SEARCH_TOOLS and certificate metadata fetched from the Accredible API.
      • Boundary markers: No boundary markers or 'ignore embedded instructions' delimiters are defined for processing external data.
      • Capability inventory: The skill possesses high-tier capabilities, including RUBE_MULTI_EXECUTE_TOOL for modifying certificates and RUBE_REMOTE_WORKBENCH for potentially arbitrary logic execution.
      • Sanitization: There is no evidence of sanitization or validation of the content retrieved from external certificate fields before it is used in the multi-step execution pipeline.
  • [COMMAND_EXECUTION] (MEDIUM): The workflow patterns involve dynamic tool discovery and execution where tool slugs and arguments are derived at runtime from search results, which could be manipulated by the remote server to execute unintended commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 06:20 AM