appsflyer-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill requires the user to add an MCP server from an untrusted domain (https://rube.app/mcp). MCP servers typically possess broad permissions within the agent's context, and connecting to an unverified third-party endpoint is a high-risk configuration.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill utilizes RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL, which facilitate the execution of tools and operations on remote infrastructure provided by the untrusted rube.app service.
- [PROMPT_INJECTION] (HIGH): The skill implements a workflow vulnerable to indirect prompt injection (Category 8).
  - Ingestion points: Tool schemas, slugs, and execution plans are retrieved dynamically from the output of RUBE_SEARCH_TOOLS.
  - Boundary markers: Absent. The skill explicitly instructs the agent to trust the search results for tool slugs and schemas.
  - Capability inventory: Includes tool execution (RUBE_MULTI_EXECUTE_TOOL) and remote workbench operations (RUBE_REMOTE_WORKBENCH), both of which can have significant side effects.
  - Sanitization: None specified; the skill relies entirely on the external service to provide safe instructions.
- [COMMAND_EXECUTION] (MEDIUM): The RUBE_MULTI_EXECUTE_TOOL capability allows the agent to perform operations on the Appsflyer platform based on inputs from an untrusted search tool, which could result in unauthorized data modification or account operations if the search results are manipulated.
Recommendations
- AI detected serious security threats
Audit Metadata