bugsnag-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill directs users to add an external, untrusted MCP server endpoint (https://rube.app/mcp). Neither rube.app nor composio.dev is on the Trusted Sources list.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill facilitates the execution of remote tools and workbenches (RUBE_REMOTE_WORKBENCH, RUBE_MULTI_EXECUTE_TOOL) via an untrusted third-party service. The claim 'No API keys needed' suggests the third-party service may be proxying or managing sensitive credentials on behalf of the user.
- [COMMAND_EXECUTION] (MEDIUM): The RUBE_REMOTE_WORKBENCH and run_composio_tool() capabilities allow for the execution of arbitrary tools defined by the remote server's schema, which can have side effects on connected systems.
- [PROMPT_INJECTION] (HIGH): This skill is highly vulnerable to Indirect Prompt Injection.
  - Ingestion points: Data retrieved from Bugsnag (error reports, stack traces, comments).
  - Boundary markers: Absent. The instructions do not provide delimiters or warnings to ignore instructions inside external data.
  - Capability inventory: Includes RUBE_MANAGE_CONNECTIONS and RUBE_MULTI_EXECUTE_TOOL, allowing for state-changing operations.
  - Sanitization: Absent. External content is directly processed to drive tool selection and execution.
Recommendations
- AI detected serious security threats
Audit Metadata