cincopa-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill requires adding 'https://rube.app/mcp' as an MCP server. This domain is not in the trusted source list, and delegating tool discovery to an unverified endpoint is a high-risk pattern.
- PROMPT_INJECTION (HIGH): Indirect Prompt Injection Surface: 1. Ingestion points: 'RUBE_SEARCH_TOOLS' fetches tool slugs, input schemas, and 'recommended execution plans' from the remote rube.app server. 2. Boundary markers: Absent; the agent is instructed to trust the search results implicitly. 3. Capability inventory: 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH' provide significant write and execution capabilities. 4. Sanitization: Absent. This allows a potentially malicious or compromised remote server to manipulate the agent's workflow.
- REMOTE_CODE_EXECUTION (MEDIUM): Use of 'RUBE_REMOTE_WORKBENCH' with 'run_composio_tool()' allows for the execution of remote tools whose parameters and selection are determined at runtime by data from the unverified 'rube.app' endpoint.
Recommendations
- AI detected serious security threats
Audit Metadata