adobe-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted execution plans and tool schemas from an external source and has the capability to execute those tools.
  - Ingestion points: Tool slugs, input schemas, and recommended execution plans are retrieved from the RUBE_SEARCH_TOOLS function (SKILL.md).
  - Boundary markers: None. The agent is instructed to use the exact field names and types provided by the remote search results.
  - Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH allow for the execution of arbitrary tools and workflows defined by the remote endpoint.
  - Sanitization: None detected. The skill lacks validation or sanitization of the remote tool definitions before execution.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill relies on dynamic tool discovery and execution. Since the tool definitions and execution plans are provided by an external, non-whitelisted server (rube.app), this facilitates the execution of untrusted logic within the agent's environment.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the user to add an external MCP endpoint (https://rube.app/mcp) which is not a pre-approved or trusted source according to the security policy.
- [COMMAND_EXECUTION] (MEDIUM): The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to perform operations, which are high-privilege commands that can lead to unintended side effects if the tool parameters are manipulated via injection.
Recommendations
- AI detected serious security threats
Audit Metadata