bench-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill exposes an indirect prompt injection surface: the agent fetches 'recommended execution plans' from an external API and follows them. Evidence chain: (1) Ingestion points: output from RUBE_SEARCH_TOOLS, which includes tool slugs and plans. (2) Boundary markers: absent from the instructions provided to the agent, so fetched content is not delimited from trusted instructions. (3) Capability inventory: high-impact capabilities, including RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, that can modify Bench data. (4) Sanitization: no instructions direct the agent to validate or sanitize the dynamically retrieved schemas or instructions before acting on them.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references an external MCP server endpoint (rube.app) and documentation links. These are necessary configuration details for the primary purpose of the skill and do not involve unauthorized code downloads.
Audit Metadata