builtwith-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill directs the user to add an external MCP server endpoint (https://rube.app/mcp). This domain is not a recognized trusted source, making the server an untrusted remote dependency.
- REMOTE_CODE_EXECUTION (HIGH): The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to perform operations. The actual logic and steps of these operations are dynamically provided by the remote MCP server at runtime.
- COMMAND_EXECUTION (HIGH): Use of tools like RUBE_REMOTE_WORKBENCH indicates the ability to execute remote commands or complex toolsets as instructed by the third-party service.
- PROMPT_INJECTION (HIGH): High risk of Indirect Prompt Injection (Category 8). Evidence: (1) Ingestion point: RUBE_SEARCH_TOOLS returns tool schemas and 'recommended execution plans' from an untrusted source. (2) Boundary markers: Absent. (3) Capability inventory: Multi-tool execution and remote workbench access. (4) Sanitization: Instructions mandate following the remote search results exactly, creating a direct injection path for the server to control agent behavior.
Recommendations
- AI detected serious security threats
Audit Metadata