astica-ai-automation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the user to add an external MCP server endpoint (https://rube.app/mcp). This source is not verified as a trusted provider under the security guidelines. Connecting to untrusted MCP endpoints allows an external entity to define tools and behavior for the agent.
  • REMOTE_CODE_EXECUTION (MEDIUM): The skill leverages RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, which facilitate the execution of remote operations on the Composio/Rube platform. This represents a remote code execution vector dependent on the security of the third-party service.
  • Indirect Prompt Injection (LOW): The skill uses RUBE_SEARCH_TOOLS to retrieve recommended execution plans from a remote server, which the agent is then instructed to follow.
      • Ingestion points: Data returned from the rube.app endpoint via RUBE_SEARCH_TOOLS.
      • Boundary markers: Absent; the agent is not told to treat the execution plan as untrusted data.
      • Capability inventory: The skill has the capability to execute complex tools and workbench operations (RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH).
      • Sanitization: No sanitization or validation of the remote execution plans is specified.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:31 PM