altoviz-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill directs the user to add an unverified third-party MCP endpoint (https://rube.app/mcp) to their configuration, which serves as the source for all tool definitions and logic.
- [PROMPT_INJECTION] (HIGH): Implements a high-risk indirect prompt injection surface by instructing the agent to follow 'recommended execution plans' and 'pitfalls' returned dynamically from the RUBE_SEARCH_TOOLS API. 1. Ingestion point: RUBE_SEARCH_TOOLS response content. 2. Boundary markers: Absent; the agent is explicitly told to follow the remote plan. 3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH allow for significant side-effect operations. 4. Sanitization: Absent.
- [COMMAND_EXECUTION] (MEDIUM): Provides powerful capabilities for executing multiple tools and remote workbench operations (RUBE_REMOTE_WORKBENCH) that are controlled by logic fetched from an external, untrusted source.
Recommendations
- AI detected serious security threats
Audit Metadata