algodocs-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill references an external MCP server (https://rube.app/mcp) that is not included in the trusted sources list. While this is the intended configuration for the rube MCP, it introduces a dependency on a third-party domain for tool discovery and execution.
- [PROMPT_INJECTION] (LOW): The skill contains an Indirect Prompt Injection surface (Category 8) by instructing the agent to dynamically retrieve and follow instructions from a remote source.
  1. Ingestion points: Output from the RUBE_SEARCH_TOOLS command (referenced in SKILL.md).
  2. Boundary markers: Absent; the instructions explicitly command the agent to follow the returned 'recommended execution plans' and 'known pitfalls'.
  3. Capability inventory: The agent can perform various document automation tasks via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (referenced in SKILL.md).
  4. Sanitization: Absent; the agent is instructed to use schemas and execution plans directly from the search results without verification.