agility-cms-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill requires the addition of a remote MCP server (https://rube.app/mcp) which is not among the defined trusted sources. This server provides the definitions for high-privilege tools like RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH.
- [Indirect Prompt Injection] (HIGH): Mandatory Evidence Chain:
  - Ingestion points: Untrusted data enters via RUBE_SEARCH_TOOLS (tool schemas, execution plans) and from Agility CMS content retrieved during operations.
  - Boundary markers: None present. The agent is explicitly told to follow the "recommended execution plans" provided by the remote server.
  - Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH allow the agent to perform write operations and command execution within the CMS and potentially the host environment.
  - Sanitization: No sanitization or validation of the remote schemas or execution plans is described.
- [Dynamic Execution] (MEDIUM): The use of RUBE_REMOTE_WORKBENCH with run_composio_tool() suggests the execution of logic or scripts assembled at runtime based on remote tool discovery.
Recommendations
- AI detected serious security threats
Audit Metadata