anthropic-administrator-automation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (SAFE): Recommends an external MCP endpoint (https://rube.app/mcp). Severity is SAFE as this is the primary functionality of the skill and the intended tool source.
  • [PROMPT_INJECTION] (SAFE): Potential for indirect prompt injection (Category 8) exists due to dynamic schema ingestion from an external provider. (1) Ingestion points: RUBE_SEARCH_TOOLS output, which includes tool slugs and execution plans. (2) Boundary markers: None; the agent is instructed to use the returned schemas directly. (3) Capability inventory: Includes remote tool execution (RUBE_MULTI_EXECUTE_TOOL) and environment management (RUBE_REMOTE_WORKBENCH). (4) Sanitization: None; the skill assumes the MCP server provides valid and safe tool definitions. Severity is SAFE as this is a core architectural feature of the tool.
  • [COMMAND_EXECUTION] (SAFE): Leverages tools for executing administrative tasks. Severity is SAFE given the administrative nature of the skill's primary purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:24 PM