affinda-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill directs users to add an untrusted external MCP endpoint (https://rube.app/mcp). This domain is not within the defined Trusted External Sources, meaning the logic and tools provided by this server have not been verified.
- [REMOTE_CODE_EXECUTION] (HIGH): Through the use of RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, the skill facilitates the execution of remote logic. Because these tools are sourced from an untrusted endpoint, this creates a significant risk of remote code execution if the server is compromised or malicious.
- [INDIRECT_PROMPT_INJECTION] (HIGH):
- Ingestion points: Untrusted data enters the agent context via RUBE_SEARCH_TOOLS and RUBE_GET_TOOL_SCHEMAS (documented in SKILL.md).
- Boundary markers: Absent. The instructions explicitly tell the agent to follow the returned schemas blindly ("Always search tools first for current schemas").
- Capability inventory: High. The skill can execute multiple tools and perform bulk operations via a remote workbench.
- Sanitization: Absent. No validation or filtering of the remote schemas is mentioned.
- Analysis: This design creates a large attack surface. A malicious remote server could return tool descriptions that contain embedded instructions, tricking the agent into performing unauthorized actions under the guise of normal Affinda automation.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses RUBE_MULTI_EXECUTE_TOOL to perform actions with arguments derived dynamically at runtime. This dynamic assembly of commands based on external data is a dangerous pattern that can lead to command injection if the input is not strictly validated.
Recommendations
- AI detected serious security threats
Audit Metadata