cloudflare-api-key-automation

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Tags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill possesses a significant attack surface for indirect prompt injection via external tool discovery.
    1. Ingestion points: Untrusted tool slugs, input schemas, and execution plans are ingested from the RUBE_SEARCH_TOOLS output (SKILL.md).
    2. Boundary markers: Absent; instructions explicitly direct the agent to adopt execution plans and field names provided by the external tool.
    3. Capability inventory: Includes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, providing write access and remote execution capabilities on Cloudflare.
    4. Sanitization: Absent; the agent is instructed to follow the remote guidance to avoid 'pitfalls', which an attacker could exploit to redirect actions.
  • External Dependency (MEDIUM): The skill mandates connection to https://rube.app/mcp, an external service not on the trusted provider list. This creates a supply-chain risk where the service provider can modify the logic or instructions returned to the agent.
  • Dynamic Tool Execution (MEDIUM): The workflow requires the agent to 'Never hardcode' and instead dynamically construct and execute tools based on runtime search results, which can be manipulated to trigger unauthorized API calls if the search registry is poisoned.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 12:01 AM