btcpay-server-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill requires the use of an external MCP server at https://rube.app/mcp. This endpoint is not a trusted source, and it provides the tool schemas and execution plans that the agent uses to perform actions.
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted data from the RUBE_SEARCH_TOOL tool. It lacks boundary markers and sanitization, instructing the agent to 'Always search tools first' and follow the returned schemas. An attacker-controlled response from the remote server could inject malicious instructions into the tool execution arguments, leading to unauthorized BTCPay Server actions.
- [Command Execution] (MEDIUM): The RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH functions provide an execution surface for arbitrary tools defined at runtime by the remote service.
Recommendations
- AI detected serious security threats
Audit Metadata