connecteam-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the user to add a third-party MCP server (https://rube.app/mcp). This endpoint is not part of the trusted source list and provides the tool definitions and execution logic.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill utilizes RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL, which allow the agent to execute remote functionality provided by the external service.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface: The skill dynamically fetches tool schemas and execution plans via RUBE_SEARCH_TOOLS which could be manipulated by an attacker who controls the remote tool definitions.
- Ingestion points: RUBE_SEARCH_TOOLS in SKILL.md.
- Boundary markers: Absent.
- Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH, RUBE_GET_TOOL_SCHEMAS.
- Sanitization: Absent.
Audit Metadata