adrapid-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill instructs users to add https://rube.app/mcp as an MCP server endpoint. This domain is not in the trusted sources list, meaning the agent will retrieve tool definitions and operational logic from an unverifiable third-party service.
- [Dynamic Execution] (MEDIUM): The operations RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH facilitate the execution of tasks defined at runtime by the remote server, creating a surface for remote command or logic manipulation.
- [Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it processes untrusted tool schemas and use-case data from the remote server.
  1. Ingestion points: Tool discovery responses from RUBE_SEARCH_TOOLS.
  2. Boundary markers: Absent; no instructions to ignore embedded commands in schemas.
  3. Capability inventory: Capability to execute multi-step tools via RUBE_MULTI_EXECUTE_TOOL.
  4. Sanitization: Absent; instructions mandate using exact field names and types provided by the search results.
Audit Metadata