cabinpanda-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION NO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill directs users to add an external MCP server endpoint (https://rube.app/mcp) which is not on the trusted repository or organization list.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection because it instructs the agent to dynamically fetch and follow execution plans and tool schemas from a remote tool.
  - Ingestion points: Remote tool output from RUBE_SEARCH_TOOLS as described in SKILL.md.
  - Boundary markers: Absent; no instructions are provided to the agent to treat the tool output as untrusted.
  - Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, which allow execution of remote actions.
  - Sanitization: Absent; the instructions explicitly tell the agent to use exact field names and recommended execution plans from search results.
- [NO_CODE] (SAFE): No executable code files (.py, .js, .sh) are included; the skill consists only of a markdown configuration file.
Audit Metadata