cults-automation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs users to add an external MCP server (https://rube.app/mcp) as a core dependency. This domain is not on the verified list of trusted providers, posing a risk if the endpoint is compromised or serves malicious tool definitions.
  • COMMAND_EXECUTION (MEDIUM): The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to perform state-changing operations on external accounts. This capability tier is high risk when combined with dynamic tool discovery.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection.
      1. Ingestion points: External tool schemas and execution plans returned by RUBE_SEARCH_TOOLS (SKILL.md).
      2. Boundary markers: None present to delimit external data from instructions.
      3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (SKILL.md) provide extensive write/execute access.
      4. Sanitization: No sanitization or validation of the ingested schemas is described.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:49 PM