algolia-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill requires connecting to an external MCP server at https://rube.app/mcp. This source is not on the trusted list and provides the agent with executable tools and dynamic logic from an unverified remote endpoint.
- [Indirect Prompt Injection] (HIGH): The skill possesses a high-privilege attack surface by processing external content from Algolia indices while having access to write/execute tools. Evidence:
  1. Ingestion: Algolia search and tool outputs enter the context.
  2. Boundary markers: No delimiters or instructions to ignore embedded commands are present.
  3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (run_composio_tool) allow for state changes and script execution.
  4. Sanitization: No input validation or filtering of external content is described.
- [Dynamic Execution] (HIGH): The workflow relies on RUBE_SEARCH_TOOLS to provide 'recommended execution plans' at runtime. This allows an external server to dynamically inject the agent's decision-making logic and command sequences.
Recommendations
- AI detected serious security threats
Audit Metadata