booqable-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill processes data from Booqable (e.g., rental orders, customer info) and uses it to drive tool execution via RUBE_MULTI_EXECUTE_TOOL.
- Ingestion points: Data fetched from Booqable APIs via Rube MCP (SKILL.md).
- Boundary markers: None provided to separate instructions from data.
- Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide write access to Booqable data.
- Sanitization: No evidence of input validation or escaping for the processed external content.
- External Downloads (MEDIUM): Requires the user to add an untrusted remote endpoint (https://rube.app/mcp) as an MCP server. This endpoint dynamically provides tool definitions and execution logic from an unverified source.
- Dynamic Execution (MEDIUM): Uses RUBE_SEARCH_TOOLS to fetch executable tool slugs and schemas at runtime based on natural language use cases, which are then passed directly to execution tools.
Recommendations
- AI detected serious security threats
Audit Metadata