api2pdf-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill requires connecting to an external MCP endpoint
https://rube.app/mcp. Neither Rube nor Composio are on the Trusted External Sources list. This creates a dependency on an unverified third-party service for core functionality. - REMOTE_CODE_EXECUTION (HIGH): By adding a remote MCP server, the agent is configured to dynamically fetch tool definitions (schemas and execution plans) from
rube.app. Since these tools are executed by the agent, this is functionally equivalent to executing remote code provided by the server. - COMMAND_EXECUTION (HIGH): The skill utilizes
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHto perform operations. These tools allow for arbitrary execution of logic defined by the remote MCP provider. - INDIRECT PROMPT INJECTION (HIGH):
- Ingestion points: Data and tool schemas are ingested from
https://rube.app/mcpvia theRUBE_SEARCH_TOOLScommand. - Boundary markers: None present. The instructions explicitly tell the agent to follow the "recommended execution plans" returned by the search.
- Capability inventory: Includes
RUBE_MULTI_EXECUTE_TOOL(tool execution) andRUBE_REMOTE_WORKBENCH(remote execution environment). - Sanitization: No sanitization or validation of the remote tool definitions is performed; the agent is instructed to use the exact field names and types provided by the remote server.
Recommendations
- AI detected serious security threats
Audit Metadata