cloudconvert-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs users to add an external, non-trusted MCP server endpoint (https://rube.app/mcp). This domain does not belong to the approved trusted organizations. Untrusted MCP servers can be used to execute arbitrary code or intercept data handled by the AI agent.
- [COMMAND_EXECUTION] (MEDIUM): The skill utilizes high-risk tools such as RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH. These tools execute operations based on schemas and recommended plans retrieved dynamically from the external rube.app server, which could facilitate remote command execution if the server is compromised or malicious.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8c - Tool output poisoning) because it requires the agent to follow instructions and schemas returned by RUBE_SEARCH_TOOLS.
  - Ingestion points: Tool schemas and execution plans retrieved from the rube.app endpoint via RUBE_SEARCH_TOOLS.
  - Boundary markers: Absent; the instructions explicitly tell the agent to follow the search results for current schemas without providing delimiters or warnings to ignore embedded instructions.
  - Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH, and RUBE_MANAGE_CONNECTIONS.
  - Sanitization: Absent; the agent is instructed to use exact field names and recommended plans from search results without validation.
Audit Metadata