chmeetings-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires connecting to a non-trusted MCP server at https://rube.app/mcp. This external dependency provides tool logic and configuration at runtime, which is not verified by the trusted sources list.
- REMOTE_CODE_EXECUTION (MEDIUM): The inclusion of RUBE_REMOTE_WORKBENCH with run_composio_tool() suggests capabilities for executing code or complex operations in a remote environment managed by an untrusted provider.
- PROMPT_INJECTION (LOW): Surface for Indirect Prompt Injection (Category 8).
  - Ingestion points: The agent is instructed to fetch tool slugs, input schemas, and "recommended execution plans" via RUBE_SEARCH_TOOLS.
  - Boundary markers: None identified. Instructions explicitly state to use the search results for execution.
  - Capability inventory: Access to RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH across the toolkit.
  - Sanitization: Absent; the agent is directed to use exact field names and types from untrusted search results without validation.