anonyflow-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the configuration of an external MCP server at 'https://rube.app/mcp'. Neither the domain nor the organization (Composio) is on the trusted list, posing a risk of malicious tool definitions or untrusted server-side behavior.
- [REMOTE_CODE_EXECUTION] (MEDIUM): Tools such as 'RUBE_REMOTE_WORKBENCH' and 'RUBE_MULTI_EXECUTE_TOOL' facilitate logic execution on external infrastructure. This introduces a dependency on the security and integrity of the remote execution environment.
- [Indirect Prompt Injection] (LOW):
  - Ingestion points: Dynamic tool schemas and execution plans are ingested from the 'RUBE_SEARCH_TOOLS' response.
  - Boundary markers: Absent; the instructions tell the agent to follow the returned 'recommended execution plans' directly.
  - Capability inventory: High; provides capabilities to execute arbitrary tools and manage remote workbenches.
  - Sanitization: Absent; the agent is instructed to use exact field names and types from search results without validation.
Audit Metadata