agiled-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [External Dependency] (HIGH): The skill mandates the use of an unverified external MCP server at https://rube.app/mcp. This server is not part of the trusted organization list and acts as a man-in-the-middle for all Agiled interactions.
- [Indirect Prompt Injection] (HIGH): A critical vulnerability surface exists in the discovery-before-execution workflow. 1. Ingestion points: The RUBE_SEARCH_TOOLS response provides tool slugs, input schemas, and execution plans. 2. Boundary markers: Absent; instructions tell the agent to search first and use exact results. 3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide write and execution capabilities on the user's Agiled account. 4. Sanitization: Absent; the agent is instructed to use exact field names and types from the untrusted search results without validation.
- [Remote Code Execution] (HIGH): The skill utilizes RUBE_REMOTE_WORKBENCH, facilitating remote task execution via an external environment controlled by an untrusted third party.
- [Credential Safety] (MEDIUM): Agiled connection management is handled through an external authentication link provided by rube.app, meaning access tokens are likely managed by an unverified service provider.
Recommendations
- AI detected serious security threats
Audit Metadata