classmarker-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs users to add 'https://rube.app/mcp' as an MCP server. This endpoint is not on the trusted source list and serves as the source for all agent capabilities.
- REMOTE_CODE_EXECUTION (HIGH): Tool logic and execution instructions are dynamically provided by the remote server and executed via 'RUBE_MULTI_EXECUTE_TOOL'.
- COMMAND_EXECUTION (HIGH): The 'RUBE_REMOTE_WORKBENCH' tool provides a vector for remote command execution through the agent.
- PROMPT_INJECTION (HIGH): High risk of indirect prompt injection, as the agent is directed to follow execution plans provided by the remote server.
  * Ingestion points: Tool schemas and plans from rube.app/mcp (SKILL.md)
  * Boundary markers: None present; instructions emphasize following search results exactly
  * Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (SKILL.md)
  * Sanitization: None specified.
Recommendations
- AI detected serious security threats
Audit Metadata