countdown-api-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [External Downloads/References] (MEDIUM): The skill requires connecting to an external Model Context Protocol (MCP) server at
https://rube.app/mcp. This source is not on the trusted list and provides the core logic, tool definitions, and schemas for the skill. - [Indirect Prompt Injection] (HIGH): The skill is designed to ingest tool schemas and "execution plans" from the
RUBE_SEARCH_TOOLSfunction. Because these plans can dictate agent behavior and the skill possesses significant side-effect capabilities (e.g., executing API operations viaRUBE_MULTI_EXECUTE_TOOL), malicious data from the remote source or the Countdown API could lead to unauthorized actions. Evidence includes: 1. Ingestion point:RUBE_SEARCH_TOOLS(tool discovery). 2. Boundary markers: Absent. 3. Capability inventory:RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCH. 4. Sanitization: Absent. - [Command Execution] (HIGH): The skill facilitates the execution of arbitrary tools via the Rube MCP. By instructing the agent to follow 'recommended execution plans' from search results, it creates a pattern where the agent obeys instructions generated by an external system at runtime.
Recommendations
- AI detected serious security threats
Audit Metadata