aryn-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- [External Downloads / Remote Code Execution] (MEDIUM): The skill requires the configuration of an external URL (https://rube.app/mcp) as an MCP server. This grants a remote third-party service the ability to define the tools and logic the agent executes. Because this source is not on the trusted organizations list, it is classified as an unverifiable remote dependency.
- [Indirect Prompt Injection] (LOW): The workflow is designed to ingest and follow instructions provided by the remote server at runtime.
  - Ingestion points: Tool schemas and 'recommended execution plans' retrieved via RUBE_SEARCH_TOOLS from the remote endpoint.
  - Boundary markers: Absent. The agent is instructed to follow the discovered plans and schemas without local verification or delimitation.
  - Capability inventory: The skill provides access to RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH for executing operations on the remote platform.
  - Sanitization: Absent. The skill prioritizes dynamic schema compliance over input validation or sanitization.
Audit Metadata