conveyor-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill requires registering a remote MCP server at
https://rube.app/mcp. This domain is not on the trusted external sources list, making it an unverifiable dependency that controls the agent's tool logic. - COMMAND_EXECUTION (LOW): The skill utilizes high-privilege tools such as
RUBE_REMOTE_WORKBENCHandRUBE_MULTI_EXECUTE_TOOLto perform operations. These allow for remote command and tool execution which increases risk if the external tool definitions are compromised. - PROMPT_INJECTION (LOW): The skill exhibits a surface for Indirect Prompt Injection (Category 8).
- Ingestion points: Tool schemas and execution plans are dynamically retrieved from the remote server via
RUBE_SEARCH_TOOLS. - Boundary markers: There are no delimiters or instructions to the agent to ignore potentially malicious instructions embedded in the tool search results.
- Capability inventory: The skill leverages
RUBE_MULTI_EXECUTE_TOOL,RUBE_REMOTE_WORKBENCH, andRUBE_MANAGE_CONNECTIONS. - Sanitization: No sanitization of the external tool schemas or metadata is performed before the agent processes them.
Audit Metadata