cardly-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill dynamically ingests tool schemas and execution plans from a non-trusted external endpoint (RUBE_SEARCH_TOOLS). A malicious response could hijack the agent's behavior by supplying manipulated schemas or arguments for subsequent tool calls. Evidence: Ingestion points identified in SKILL.md; Capability inventory includes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH; Boundary markers and sanitization logic are completely absent.
- [Unverifiable Dependencies] (MEDIUM): The skill instructs users to add a third-party MCP server (https://rube.app/mcp) that is not on the established trusted list.
- [Remote Code Execution] (MEDIUM): The skill features RUBE_REMOTE_WORKBENCH, which facilitates the remote execution of tools and complex tasks in an externally hosted environment provided by the untrusted service.
Recommendations
- AI detected serious security threats
Audit Metadata