borneo-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill relies on tool schemas and execution plans fetched dynamically from a remote MCP server (rube.app). This creates an attack surface where a compromised or malicious server could provide instructions that influence the agent's behavior.
  - Ingestion points: Tool metadata and schemas returned by RUBE_SEARCH_TOOLS as described in SKILL.md.
  - Boundary markers: None specified; the skill instructs the agent to follow the returned execution plans directly.
  - Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH are used to execute the discovered tools.
  - Sanitization: None; the instructions emphasize using the exact field names and types from the search results.
- [External Downloads] (SAFE): The skill references an external MCP endpoint (https://rube.app/mcp). While this is a third-party service, it is a configuration step for the user and does not involve automated script downloads or unauthorized remote code execution by the skill itself.
Audit Metadata