ai-ml-api-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the user to configure 'https://rube.app/mcp' as an MCP server. This is an untrusted third-party source not included in the Trusted External Sources list. This connection allows an external entity to define the agent's available tools and logic.
- REMOTE_CODE_EXECUTION (HIGH): By adding an untrusted MCP server, the agent is effectively granting that server the ability to execute code or perform actions on the host machine via the tools it provides (e.g., RUBE_MULTI_EXECUTE_TOOL).
- COMMAND_EXECUTION (MEDIUM): The skill utilizes 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH' to perform automated tasks. These tools provide significant operational power which could be abused if the input schemas are poisoned.
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: Data entering through 'RUBE_SEARCH_TOOLS' responses (which define schemas) and content processed from external AI/ML APIs.
  - Boundary markers: None identified in the instruction set to separate instructions from untrusted data.
  - Capability inventory: Significant 'write/execute' capabilities including 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH'.
  - Sanitization: No evidence of sanitization or validation of the schemas or data returned from the external MCP server or APIs before they are used to drive agent decisions.
Recommendations
- AI detected serious security threats
Audit Metadata