autom-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists only of Markdown instructions and contains no executable code or scripts within the skill package itself.
- [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface (Category 8).
  1. Ingestion points: RUBE_SEARCH_TOOLS response data, which provides dynamic schemas.
  2. Boundary markers: Absent.
  3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH.
  4. Sanitization: Absent.

  While this is inherent to the Model Context Protocol (MCP) design, it represents an exploitable surface.
- [EXTERNAL_DOWNLOADS] (LOW): The skill instructs users to add an external, untrusted MCP endpoint from rube.app. This is considered an unverifiable dependency (Category 4). The severity is reduced to LOW because it is the primary purpose of the skill and requires manual configuration by the user.
Audit Metadata