chatwork-automation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the user to configure 'https://rube.app/mcp' as an MCP server. This domain is not included in the trusted external sources list, representing an unverified third-party dependency.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The skill employs 'RUBE_REMOTE_WORKBENCH' and 'RUBE_MULTI_EXECUTE_TOOL' for dynamic execution of tools discovered at runtime from the remote server. This allows for arbitrary remote tool execution based on external schemas.
  • [DATA_EXFILTRATION] (LOW): Sensitive data from Chatwork (messages, user info) is processed through the Rube proxy service. While required for the primary purpose, this introduces a data exposure surface to the external provider.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill is vulnerable to instructions embedded in chat messages.
      • Ingestion points: Chatwork message bodies and room metadata via 'RUBE_SEARCH_TOOLS'.
      • Boundary markers: None. No instructions are provided to ignore commands inside processed chat data.
      • Capability inventory: Subprocess calls via remote tools and network operations via the Chatwork API.
      • Sanitization: None detected; the skill relies on raw output from 'RUBE_SEARCH_TOOLS' for execution plans.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:37 PM