bugherd-automation
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the configuration of an external MCP server at 'https://rube.app/mcp'. This domain is not within the trusted scope, and all Bugherd operations are proxied through this third-party service.
- PROMPT_INJECTION (HIGH): Indirect prompt injection surface identified.
  1. Ingestion points: The skill retrieves and processes data from Bugherd tickets and tasks via 'RUBE_SEARCH_TOOLS'.
  2. Boundary markers: There are no markers or instructions defined to prevent the agent from obeying instructions embedded in Bugherd data.
  3. Capability inventory: The skill uses 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH', allowing the agent to modify external data and execute remote functions.
  4. Sanitization: No sanitization or validation logic is present to handle potentially malicious input from the external source.