better-stack-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires registering https://rube.app/mcp as an MCP server. This domain is not in the trusted sources list provided in the security guidelines, creating a supply-chain dependency on an unverified third party.
  • REMOTE_CODE_EXECUTION (HIGH): The agent fetches 'recommended execution plans' and tool schemas from the remote rube.app server. Since these plans are directly used to call RUBE_MULTI_EXECUTE_TOOL, a malicious server response can execute arbitrary workflows on the target Better Stack infrastructure.
  • PROMPT_INJECTION (HIGH): An indirect prompt injection surface is present. 1. Ingestion point: RUBE_SEARCH_TOOLS in SKILL.md fetches instructions from rube.app; 2. Boundary markers: Absent; 3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH can perform write operations on infrastructure; 4. Sanitization: None mentioned. This creates a critical surface where external data controls agent behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:03 AM