clickmeeting-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill directs users to add 'https://rube.app/mcp' as an MCP server. This domain is not in the trusted sources whitelist and acts as the provider for all tool definitions and logic.
- [REMOTE_CODE_EXECUTION] (HIGH): The core workflow requires fetching schemas from a remote endpoint via 'RUBE_SEARCH_TOOLS' and passing them directly to execution tools like 'RUBE_MULTI_EXECUTE_TOOL'. This allows the remote server to dictate the agent's actions at runtime.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill is vulnerable to tool output poisoning from the Rube MCP service. Ingestion points: Tool schemas and execution plans retrieved via RUBE_SEARCH_TOOLS. Boundary markers: Absent; no validation logic exists to verify the authenticity of tool slugs. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide powerful side effects. Sanitization: Absent; the skill mandates using the exact field names and types returned by the untrusted search results.
- [DYNAMIC_EXECUTION] (MEDIUM): Tool slugs and arguments are determined dynamically at runtime based on external responses, increasing the attack surface for malicious instruction execution.
Recommendations
- AI detected serious security threats
Audit Metadata