apipie-ai-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- External Downloads (MEDIUM): The skill requires the configuration of a remote MCP server from an unverified source: https://rube.app/mcp. This host is not on the trusted repository or organization list and acts as a remote dependency for the skill's entire logic.
- Indirect Prompt Injection (HIGH): The skill is highly vulnerable to indirect prompt injection because it fetches tool definitions, schemas, and execution plans from an external, untrusted source at runtime.
  - Ingestion points: Data returned from RUBE_SEARCH_TOOLS via the external MCP server.
  - Boundary markers: Absent. The instructions encourage the agent to follow the search results' recommended execution plans directly.
  - Capability inventory: RUBE_MULTI_EXECUTE_TOOL (tool execution) and RUBE_REMOTE_WORKBENCH (remote command/code execution).
  - Sanitization: Absent. The skill instructions suggest using the search results directly to populate arguments.
- Command Execution (HIGH): The skill facilitates the execution of arbitrary tools and workbench operations (RUBE_REMOTE_WORKBENCH) based on schemas and slugs provided by the external MCP server. If the server is compromised or malicious, it can trick the agent into executing dangerous commands with local or cloud permissions.
- Dynamic Execution (MEDIUM): The workflow relies on RUBE_GET_TOOL_SCHEMAS and dynamic argument construction based on runtime search results, which increases the attack surface for schema confusion and malicious instruction injection.
Recommendations
- AI detected serious security threats
Audit Metadata