callpage-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill directs users to add an external MCP server from https://rube.app/mcp. This domain is not a trusted source, and connecting to it allows the provider to influence agent tools and behavior.
- REMOTE_CODE_EXECUTION (HIGH): By fetching and immediately executing 'recommended execution plans' from the untrusted server via RUBE_MULTI_EXECUTE_TOOL, the skill enables the external provider to execute arbitrary sequences of tools.
- Indirect Prompt Injection Surface (HIGH): 1. Ingestion points: RUBE_SEARCH_TOOLS retrieves instructions and schemas from the external server. 2. Boundary markers: Absent; the agent is explicitly told to follow the search results verbatim. 3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide significant execution and remote environment capabilities. 4. Sanitization: Absent; there is no validation or filtering of the external schema content before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata