cdr-platform-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill ingests untrusted data from the Cdr Platform and uses it to drive actions via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH. No boundary markers or sanitization procedures are described that would prevent malicious instructions embedded in the platform data from being executed by the agent.
- [External Downloads] (MEDIUM): The skill requires adding 'https://rube.app/mcp' as a remote MCP server. This endpoint is not within the trusted source scope and provides the execution logic for the skill.
- [Remote Code Execution] (MEDIUM): The RUBE_REMOTE_WORKBENCH tool allows remote execution of tasks, which could include arbitrary code execution depending on the backend implementation.
- [Dynamic Execution] (MEDIUM): Tool slugs and input schemas are fetched at runtime via RUBE_SEARCH_TOOLS. If the remote search results are tampered with, the agent may execute unintended commands.
Recommendations
- AI detected serious security threats
Audit Metadata