coinmarketcap-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (HIGH): The skill instructs the user to add 'https://rube.app/mcp' as an MCP server endpoint. Because this domain is not a Trusted External Source, connecting to it allows an unverified remote server to provide and execute arbitrary tool logic within the agent context.
- Indirect Prompt Injection (HIGH): The skill ingests untrusted external data from CoinMarketCap APIs and possesses high-privilege capabilities, including 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH'. There are no boundary markers or sanitization logic present to prevent malicious instructions embedded in crypto data from hijacking the agent flow.
- Dynamic Execution (MEDIUM): The skill relies on 'RUBE_SEARCH_TOOLS' to discover tool schemas and execution plans at runtime. This dynamic loading of executable logic from an untrusted remote source creates a significant risk of logic manipulation or unauthorized command execution.
Recommendations
- AI detected serious security threats
Audit Metadata