coassemble-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill directs the user to connect to an external MCP endpoint at https://rube.app/mcp. This domain is not a trusted source per the analysis guidelines, meaning the tool definitions and code it provides are unverifiable.
- COMMAND_EXECUTION (MEDIUM): The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to perform tasks. These tools execute operations determined by schemas and instructions fetched at runtime from the untrusted remote service, creating a surface for dynamic execution of unknown logic.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection due to its handling of external data from tool outputs.
  - Ingestion points: Data enters the context via RUBE_SEARCH_TOOLS results and the Coassemble toolkit outputs.
  - Boundary markers: Absent. The instructions do not provide delimiters or warnings to ignore embedded instructions in the tool responses.
  - Capability inventory: Significant capabilities are available through the RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH functions.
  - Sanitization: Absent. The agent is instructed to use schemas and field names exactly as returned from the remote search results without validation.
Audit Metadata