agenty-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill instructs the agent to configure and use an external MCP server located at
https://rube.app/mcp. This domain is not included in the pre-approved trusted source list. While necessary for the skill's functionality, it introduces a dependency on untrusted external infrastructure. - PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: The agent is instructed to ingest data from
RUBE_SEARCH_TOOLS, which returns tool slugs and "recommended execution plans". - Boundary markers: Absent. There are no instructions to the agent to treat the execution plans or schemas as data rather than instructions.
- Capability inventory: The skill possesses significant capabilities via
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCH, allowing the execution of arbitrary Agenty tools. - Sanitization: Absent. The skill explicitly tells the agent to use "exact field names" and follow the "recommended execution plans" provided by the external tool, which could be poisoned by a malicious server response.
Audit Metadata