bunnycdn-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- External Downloads (MEDIUM): The skill requires adding an external MCP server endpoint (
https://rube.app/mcp). This source is not on the trusted repositories or organizations list, meaning the logic executed by the agent is provided by an unverified third party. - Indirect Prompt Injection (HIGH): The skill has a high-risk vulnerability surface for indirect prompt injection.
- Ingestion points: Data enters through the
queriesparameter inRUBE_SEARCH_TOOLSand subsequent execution plans. - Boundary markers: There are no delimiters or instructions to ignore embedded commands within the processed data.
- Capability inventory: The skill possesses significant write capabilities, including modifying CDN configurations and performing bulk operations via
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCH. - Sanitization: No evidence of input validation or output sanitization before tool execution.
- Command Execution (HIGH): Through the Rube MCP, the agent can execute arbitrary tools within the BunnyCDN toolkit. Maliciously crafted input could lead to unauthorized file deletions, cache invalidations, or configuration changes on the production CDN.
- Dynamic Execution (MEDIUM): The use of
RUBE_REMOTE_WORKBENCHfor 'Bulk ops' and 'run_composio_tool()' implies a remote environment where dynamic logic or scripts may be executed, increasing the attack surface if the MCP server or the input data is compromised.
Recommendations
- AI detected serious security threats
Audit Metadata