ambient-weather-automation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill requires the use of an external MCP server endpoint (https://rube.app/mcp). This source is not on the trusted repository list, meaning the agent's logic and available tools are provided by a third party.
  • [COMMAND_EXECUTION] (LOW): Operates through RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH. These tools are discovered dynamically at runtime, creating a dependency on search results for operational integrity.
  • [PROMPT_INJECTION] (LOW): Vulnerable to indirect prompt injection via tool search results (Category 8).
      • Ingestion points: Metadata and schemas returned by RUBE_SEARCH_TOOLS from the rube.app server.
      • Boundary markers: Absent; the skill does not instruct the agent to ignore instructions embedded in tool descriptions.
      • Capability inventory: Execution of weather automation tools and access to a remote workbench environment.
      • Sanitization: Absent; the skill directs the agent to follow the schemas and types provided by the external search results without validation.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:40 PM