appcircle-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to process external content from Appcircle (such as build outputs, metadata, and git information) and has the capability to perform sensitive actions such as tool execution and connection management.
      ◦ Ingestion points: Data returned from Appcircle via RUBE_MULTI_EXECUTE_TOOL or RUBE_SEARCH_TOOLS.
      ◦ Boundary markers: None identified in the skill instructions to separate external data from system instructions.
      ◦ Capability inventory: Includes RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH (remote execution), and RUBE_MANAGE_CONNECTIONS (authentication management).
      ◦ Sanitization: No sanitization or validation of the external content is performed before processing.
  • [External Downloads] (MEDIUM): The skill requires the configuration of an external MCP server (https://rube.app/mcp). This endpoint is not on the trusted source list and serves as the source for tool schemas and execution logic.
  • [Remote Code Execution] (MEDIUM): The use of RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL allows tools to be executed on remote infrastructure provided by the Rube MCP service, which poses a remote code execution risk if that service is compromised or malicious.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:57 AM