affinity-automation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM

Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires adding 'https://rube.app/mcp' as an MCP server. This domain is not a trusted source, creating a dependency on an unverified third-party service.
  • REMOTE_CODE_EXECUTION (MEDIUM): The use of 'RUBE_REMOTE_WORKBENCH' and 'RUBE_MULTI_EXECUTE_TOOL' involves executing logic on a remote environment managed by the Rube MCP provider.
  • COMMAND_EXECUTION (MEDIUM): The skill dynamically discovers tool slugs and schemas via 'RUBE_SEARCH_TOOLS' and executes them. This 'search-then-execute' pattern could be exploited if the search results return malicious tool definitions.
  • PROMPT_INJECTION (LOW): Category 8: Indirect Prompt Injection. Evidence chain:
    1. Ingestion points: data retrieved from Affinity CRM via tools.
    2. Boundary markers: absent in the skill instructions.
    3. Capability inventory: remote tool execution (RUBE_MULTI_EXECUTE_TOOL) and workbench access.
    4. Sanitization: no evidence of sanitization or validation of data retrieved from external CRM records before it is processed by the agent.
Audit Metadata

Risk Level: MEDIUM

Analyzed: Feb 17, 2026, 06:37 PM