craftmypdf-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH

Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [External Downloads] (HIGH): The skill instructs the user to add an untrusted MCP server endpoint (https://rube.app/mcp). As rube.app is not a recognized trusted source, this introduces an unverified external dependency that can provide executable capabilities to the agent.
  • [Indirect Prompt Injection] (HIGH): The skill implements a workflow where tool logic is fetched from an external source and then executed.
    * Ingestion points: Tool schemas and execution plans are fetched via RUBE_SEARCH_TOOLS from rube.app.
    * Boundary markers: Absent; the agent is instructed to follow external schemas exactly.
    * Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH allow execution of arbitrary tools defined by the external server.
    * Sanitization: Absent; the skill explicitly recommends using the exact field names and types provided by the search results without validation.
  • [Dynamic Execution] (MEDIUM): The workflow utilizes dynamic tool slugs (TOOL_SLUG_FROM_SEARCH) and arguments derived from external runtime data. This pattern bypasses static review of what actions the agent will actually perform, as the execution logic is provided by the external service at runtime.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 07:36 AM