acculynx-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly vulnerable to instructions embedded in external data it processes.
- Ingestion points: RUBE_SEARCH_TOOLS fetches tool slugs, input schemas, and 'recommended execution plans' from a remote endpoint (SKILL.md).
- Boundary markers: Absent. The instructions explicitly command the agent to trust and follow the remote service's output ('Always search tools first', 'Use exact field names').
- Capability inventory: The skill provides RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, enabling the execution of discovered tools with side effects on the Acculynx platform.
- Sanitization: Absent. There is no indication of schema validation or plan verification before the agent executes the remotely-provided instructions.
- Remote Code Execution (HIGH): The skill mandates the addition of a remote MCP server (https://rube.app/mcp). This server, which is not a pre-approved trusted source, provides the executable tool logic and interaction schemas, granting the external provider significant control over the agent's runtime environment.
Recommendations
- AI detected serious security threats