coupa-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires connecting to 'https://rube.app/mcp' as an MCP server. Because this domain is not a 'Trusted External Source', it is treated as an unverifiable remote dependency.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH' to execute operations defined by the remote server. This is a dynamic execution model: the logic the agent actually performs is determined at runtime by the remote host rather than by the skill's own instructions.
- [PROMPT_INJECTION] (LOW): The skill exhibits an Indirect Prompt Injection surface (Category 8).
  - Ingestion points: Data enters the agent context via 'RUBE_SEARCH_TOOLS', which returns tool slugs, input schemas, and 'recommended execution plans' from the remote server.
  - Boundary markers: Absent. The skill does not instruct the agent to ignore potentially malicious instructions embedded in the tool descriptions or schemas.
  - Capability inventory: The agent can perform file/ERP operations via 'RUBE_MULTI_EXECUTE_TOOL' and execute broader workbench tasks via 'RUBE_REMOTE_WORKBENCH'.
  - Sanitization: There is no evidence that the remote search results are sanitized or validated before they are used to form subsequent tool calls.
Audit Metadata