bannerbear-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill mandates connecting to an external MCP server at 'https://rube.app/mcp' which is not a trusted source according to established safety rules.
- [REMOTE_CODE_EXECUTION] (HIGH): The workflow requires dynamic fetching of tool slugs and input schemas from a remote source via 'RUBE_SEARCH_TOOLS' which are then executed by 'RUBE_MULTI_EXECUTE_TOOL'. This pattern allows the remote server to dictate arbitrary tool execution at runtime.
- [PROMPT_INJECTION] (HIGH): High vulnerability to Indirect Prompt Injection.
  1. Ingestion point: 'RUBE_SEARCH_TOOLS' returns 'recommended execution plans' from the external server.
  2. Boundary markers: None specified in the instructions.
  3. Capability inventory: 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH' provide significant side-effect capabilities.
  4. Sanitization: No sanitization of the remote execution plans is described.
Recommendations
- AI detected serious security threats