bolt-iot-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill requires adding an external MCP server (https://rube.app/mcp) which is not a trusted source. This server provides the logic and definitions for tools like RUBE_MULTI_EXECUTE_TOOL, effectively allowing the remote server to control agent actions.
- [COMMAND_EXECUTION] (HIGH): The skill executes IoT automation commands with side effects based on dynamically discovered tool schemas.
- [PROMPT_INJECTION] (HIGH): Vulnerable to Category 8 (Indirect Prompt Injection). The skill ingests untrusted data from the search endpoint and uses it to construct tool calls. Evidence: (1) Ingestion point: RUBE_SEARCH_TOOLS response; (2) Boundary markers: Absent; (3) Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH; (4) Sanitization: Absent.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Relies on rube.app, which falls outside the TRUST-SCOPE-RULE for recognized secure providers.
Recommendations
- AI detected serious security threats
Audit Metadata