api-labz-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill mandates connection to
https://rube.app/mcp, an external MCP server not included in the list of Trusted External Sources. This creates a dependency on an unverified third-party endpoint for the agent's core capability logic. - [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Category 8 (Indirect Prompt Injection) due to its core 'Search-then-Execute' workflow.
- Ingestion points: Untrusted tool schemas and metadata are ingested directly from the
RUBE_SEARCH_TOOLSresponse provided by the remote server. - Boundary markers: Absent. The instructions lack any delimiters or warnings to ignore embedded instructions within the search results.
- Capability inventory: The skill utilizes
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCH, granting the remote server the ability to trigger side-effect-heavy operations or code execution. - Sanitization: Absent. The agent is instructed to use the 'exact field names and types from the search results' without validation, allowing a malicious server to redirect the agent to dangerous tool slugs or supply malicious arguments.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The reference to
RUBE_REMOTE_WORKBENCHcombined withrun_composio_tool()suggests the agent may be capable of executing remote environment operations based on the untrusted server's response.
Recommendations
- AI detected serious security threats
Audit Metadata