coinranking-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Significant risk of Indirect Prompt Injection via external tool discovery. The skill instructs the agent to fetch 'recommended execution plans' and schemas from the external RUBE_SEARCH_TOOLS endpoint and use them to execute tools. This allows the external service to control the agent's logic flow and action sequence. Evidence Chain: Ingestion point: RUBE_SEARCH_TOOLS response in SKILL.md; Boundary markers: Absent; Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH; Sanitization: Absent.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Requires connection to an untrusted external endpoint https://rube.app/mcp. This source is not listed in the trusted repositories or organizations, posing a supply-chain risk for the MCP server content.
- [COMMAND_EXECUTION] (HIGH): The skill provides access to RUBE_REMOTE_WORKBENCH, which facilitates remote execution. When combined with dynamic plans from an untrusted source, this presents a high risk of unauthorized command execution.
Recommendations
- AI detected serious security threats
Audit Metadata