codereadr-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires connecting to an external MCP server 'https://rube.app/mcp'. This domain is not on the list of trusted external sources and can serve untrusted instructions or tool definitions.
- [REMOTE_CODE_EXECUTION] (HIGH): Use of 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH' provides high-privilege capabilities to execute operations on remote infrastructure.
- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8) because it retrieves tool schemas and execution plans dynamically from a remote source. 1. Ingestion points: 'RUBE_SEARCH_TOOLS' response content. 2. Boundary markers: Absent; instructions explicitly tell the agent to follow the returned schema. 3. Capability inventory: 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH' (file execution). 4. Sanitization: Absent; the agent is expected to obey dynamically retrieved schemas.
Recommendations
- AI detected serious security threats
Audit Metadata