blackboard-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires connection to an untrusted external MCP endpoint (
https://rube.app/mcp) to function. This domain is not on the trusted repository or organization list, requiring users to trust the third-party provider. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection because it uses external, untrusted tool definitions and 'execution plans' to guide agent behavior.
- Ingestion points: Untrusted data enters the agent's context through the
RUBE_SEARCH_TOOLScall, which returns schemas and execution strategies from the Rube server. - Boundary markers: There are no delimiters or 'ignore' instructions provided to separate these external recommendations from the agent's core safety instructions.
- Capability inventory: The skill allows for data manipulation in Blackboard and potential command execution via the
RUBE_REMOTE_WORKBENCHtool. - Sanitization: No sanitization or verification of the external tool schemas or execution plans is mentioned or implemented.
- [SAFE] (SAFE): No hardcoded credentials, malicious obfuscation, or direct persistence mechanisms were found within the provided markdown file.
Audit Metadata