convertapi-automation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (LOW): The skill directs users to add an external MCP server endpoint (https://rube.app/mcp). While this is functional for the skill, the domain is not on the trusted organizational list, constituting an untrusted external dependency.
  • Indirect Prompt Injection (LOW): The skill relies on dynamically retrieved data from RUBE_SEARCH_TOOLS to determine its actions, which could be exploited to influence agent behavior.
      • Ingestion points: Data enters the context via the results of RUBE_SEARCH_TOOLS (SKILL.md).
      • Boundary markers: Absent; there are no instructions to the agent to disregard instructions found within the tool schemas.
      • Capability inventory: The skill provides tools for execution like RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (SKILL.md).
      • Sanitization: No sanitization is performed on the dynamic tool schemas.
  • Dynamic Execution (LOW): The skill uses RUBE_MULTI_EXECUTE_TOOL to execute tools that are identified and described at runtime via an external discovery service.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:36 PM