ambee-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill mandates adding an unverified MCP server endpoint (https://rube.app/mcp) to the agent's configuration. This server serves as the source of tool definitions and logic.
- REMOTE_CODE_EXECUTION (HIGH): The skill utilizes RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL to perform operations on the Composio platform. These tools allow for remote execution of tasks that are not audited within the skill's own code.
- COMMAND_EXECUTION (MEDIUM): The workflow pattern requires the agent to dynamically fetch schemas via RUBE_SEARCH_TOOLS and execute them. This runtime command generation prevents static verification of the agent's actions.
- INDIRECT_PROMPT_INJECTION (HIGH): Mandatory Evidence Chain:
  1. Ingestion points: RUBE_SEARCH_TOOLS (SKILL.md) fetches tool schemas from an external server.
  2. Boundary markers: Absent; instructions tell the agent to follow the search results implicitly.
  3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (SKILL.md) allow side-effect-heavy operations.
  4. Sanitization: Absent; the skill directs the agent to use 'exact field names and types' from the untrusted remote search results.
Recommendations
- AI detected serious security threats
Audit Metadata