corrently-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill instructs the user to add an external MCP server endpoint (https://rube.app/mcp). While no local files are downloaded or executed, the agent's toolset is provided by a third-party domain not included in the trusted sources list.
- [PROMPT_INJECTION] (LOW): A vulnerability for Indirect Prompt Injection exists. The skill follows a pattern of 'discover then execute' using `RUBE_SEARCH_TOOLS`. If the remote server returns malicious tool schemas or instructions, the agent may follow them (Category 8).
  - Ingestion points: Tool schemas and metadata returned by `RUBE_SEARCH_TOOLS` and `RUBE_GET_TOOL_SCHEMAS`.
  - Boundary markers: Absent; the instructions do not specify delimiters to separate tool metadata from instructions.
  - Capability inventory: `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` allow for external tool execution based on discovered schemas.
  - Sanitization: Absent; the skill does not describe any validation or sanitization of the remote tool definitions before execution.
- [NO_CODE] (SAFE): The skill contains only documentation and tool call templates. No Python scripts, Node.js packages, or shell commands are included in the skill payload.
Audit Metadata