brightpearl-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs users to add an external MCP server from https://rube.app/mcp. This domain is not in the trusted scope, and the server provides the core logic and tool definitions for the skill.
- INDIRECT_PROMPT_INJECTION (HIGH): The skill's workflow is entirely dependent on data fetched from the remote server via RUBE_SEARCH_TOOLS.
  - Ingestion points: Tool schemas, input definitions, and 'recommended execution plans' are ingested from the https://rube.app/mcp endpoint during the RUBE_SEARCH_TOOLS call.
  - Boundary markers: None present. The skill explicitly tells the agent to follow the schemas and execution plans returned by the remote server.
  - Capability inventory: The skill possesses high-impact capabilities including RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, which allow for the execution of complex tool chains and remote operations.
  - Sanitization: None detected. The agent is instructed to use 'exact field names and types' from the search results without validation.
- REMOTE_CODE_EXECUTION (HIGH): Through the use of RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (specifically run_composio_tool()), the skill allows for the execution of logic defined and controlled by the remote rube.app server.
Recommendations
- AI detected serious security threats
Audit Metadata