apaleo-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the user to configure an external MCP server endpoint (https://rube.app/mcp). This domain is not an approved trusted source, meaning the logic and tools provided by this server are unverifiable and could change without notice.
- REMOTE_CODE_EXECUTION (MEDIUM): The workflow follows a pattern of 'discover then execute' where tool definitions and arguments are fetched dynamically via RUBE_SEARCH_TOOLS and then run via RUBE_MULTI_EXECUTE_TOOL. Executing tools based on remote schemas from an untrusted source allows for potential remote control of the agent's capabilities.
- INDIRECT_PROMPT_INJECTION (LOW): The skill is susceptible to indirect injection through its reliance on external tool metadata.
  - Ingestion points: Data returned from RUBE_SEARCH_TOOLS, including tool slugs, input schemas, and execution plans.
  - Boundary markers: Absent; the skill does not specify delimiters for parsing external tool responses.
  - Capability inventory: The skill utilizes powerful execution tools such as RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH.
  - Sanitization: None; the instructions explicitly tell the agent to follow the schemas and plans returned by the remote service without verification.