api-bible-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the user to add an untrusted remote MCP server endpoint (https://rube.app/mcp). This endpoint provides the tool definitions used by the agent.
- COMMAND_EXECUTION (MEDIUM): The skill uses RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to perform actions. These tools execute code/logic on a remote workbench, which is managed by an external provider.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection through its tool discovery process (Category 8).
  1. Ingestion points: Untrusted data enters the context via RUBE_SEARCH_TOOLS which returns tool schemas and execution plans from the remote server.
  2. Boundary markers: Absent. There are no delimiters or instructions to ignore instructions embedded within the fetched tool schemas.
  3. Capability inventory: Includes remote tool execution (RUBE_MULTI_EXECUTE_TOOL), connection management (RUBE_MANAGE_CONNECTIONS), and remote workbench operations (RUBE_REMOTE_WORKBENCH).
  4. Sanitization: None detected. The skill relies on the remote server to provide 'current schemas' and 'recommended execution plans' without verification.
Audit Metadata