cal-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill directs users to install an MCP server from an untrusted external URL (https://rube.app/mcp) not associated with a verified organization.
- [REMOTE_CODE_EXECUTION] (HIGH): MCP servers execute with the ability to perform actions on the host system; fetching and running a server from an unverified third-party domain poses a critical remote code execution risk.
- [COMMAND_EXECUTION] (HIGH): The tools RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH allow the remote server to dictate specific logic and commands executed by the agent, granting high-level control to an external entity.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It ingests 'recommended execution plans' and schemas from the RUBE_SEARCH_TOOLS endpoint (Ingestion: SKILL.md) and lacks boundary markers or sanitization. This allows a malicious or compromised remote server to inject instructions that the agent will execute via RUBE_MULTI_EXECUTE_TOOL (Capability: SKILL.md).
Recommendations
- AI detected serious security threats
Audit Metadata