adyntel-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill requires the addition of a remote MCP server located at https://rube.app/mcp. This server is not a recognized trusted source and acts as the gatekeeper for all logic and tool definitions used by the skill.
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It explicitly instructs the agent to fetch 'recommended execution plans' and 'known pitfalls' from the remote RUBE_SEARCH_TOOLS endpoint.
  - Ingestion points: RUBE_SEARCH_TOOLS returns schemas and execution plans directly into the agent's context.
  - Boundary markers: None. The agent is told to 'Always search tools first' and to prioritize these results over hardcoded logic.
  - Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide the ability to perform write operations and execute code within the Composio toolkit environment.
  - Sanitization: None provided. The agent is directed to use the 'exact field names and types' provided by the remote source.
- REMOTE_CODE_EXECUTION (HIGH): The use of RUBE_REMOTE_WORKBENCH with run_composio_tool() allows for complex, multi-step operations defined by the remote MCP server. If the server provides a malicious workbench script, it could result in unauthorized data manipulation or exfiltration from the Adyntel platform.
Recommendations
- AI detected serious security threats
Audit Metadata