college-football-data-automation
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill directs users to add 'https://rube.app/mcp' as an MCP server. This is an external, unverified dependency that acts as the backbone for the skill's functionality.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses tools like RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL, which enable the agent to perform complex, multi-step remote actions. These capabilities increase the potential impact of any successful prompt injection.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted external data from football APIs and passes it to an agent with execution capabilities without explicit sanitization or boundary markers (Category 8).
Audit Metadata