bugbug-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill workflow requires the agent to fetch "recommended execution plans" and tool schemas from a third-party, untrusted source (https://rube.app/mcp) and execute them via RUBE_MULTI_EXECUTE_TOOL. This allows a remote attacker to gain control over the agent's actions by manipulating the server's response content.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The setup instructions mandate the connection to an unverified external MCP server which is not part of the trusted source list.
- [INDIRECT_PROMPT_INJECTION] (HIGH): * Ingestion points: Tool outputs from RUBE_SEARCH_TOOLS, which includes executable logic such as tool slugs and plans (SKILL.md). * Boundary markers: Absent; the instructions explicitly tell the agent to follow the search results to define its execution plan. * Capability inventory: Includes execution of arbitrary tools and a remote workbench (RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH). * Sanitization: None; the agent is directed to use exact field names and types provided by the untrusted search results.
Recommendations
- AI detected serious security threats
Audit Metadata