agentql-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to automate Agentql, which primarily processes external web content. This untrusted data can contain hidden instructions that hijack the agent. Ingestion points: external web content processed by Agentql. Boundary markers: none specified in the instructions to separate data from commands. Capability inventory: browser automation and tool execution via RUBE_MULTI_EXECUTE_TOOL. Sanitization: none.
- [External Downloads] (MEDIUM): The skill requires connecting to an external MCP server at https://rube.app/mcp, an unverified source that is not on the trusted provider list.
- [Command Execution] (MEDIUM): The skill uses RUBE_MULTI_EXECUTE_TOOL to run tools based on dynamic schemas retrieved from the remote server at runtime, which allows the external service to influence the agent's operations.
Recommendations
- AI detected serious security threats
Audit Metadata