conversion-tools-automation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the user to add an external MCP server endpoint (
https://rube.app/mcp) which is not included in the Trusted External Sources list. This introduces a dependency on an unverified third-party domain.- [REMOTE_CODE_EXECUTION] (HIGH): The skill utilizes tools such asRUBE_REMOTE_WORKBENCHandRUBE_MULTI_EXECUTE_TOOL. These tools allow the agent to execute arbitrary operations and scripts in a remote environment managed by the MCP server.- [COMMAND_EXECUTION] (HIGH): The workflow relies onRUBE_SEARCH_TOOLSto dynamically discover tool slugs and schemas. These slugs are then executed viaRUBE_MULTI_EXECUTE_TOOL. If the search results are influenced by untrusted data, this allows for arbitrary command execution.- [Indirect Prompt Injection] (HIGH): - Ingestion points: Data processed by 'Conversion Tools' (e.g., document contents, file metadata) enters the agent's context.
- Boundary markers: None. The skill does not implement delimiters or 'ignore' instructions to prevent the agent from following commands embedded in the files being converted.
- Capability inventory:
RUBE_MULTI_EXECUTE_TOOL,RUBE_REMOTE_WORKBENCH, andRUBE_MANAGE_CONNECTIONS. - Sanitization: None. The skill lacks validation or sanitization of external content before it is used to determine tool execution plans.
Recommendations
- AI detected serious security threats
Audit Metadata