customgpt-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the user to add 'https://rube.app/mcp' as an MCP server. Because this domain is not within the trusted organization whitelist, the security and integrity of the tools provided by this endpoint cannot be verified.
- [COMMAND_EXECUTION] (MEDIUM): The workflow utilizes 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH' to execute tool logic. Since the tool slugs and arguments are determined dynamically by the output of 'RUBE_SEARCH_TOOLS' at runtime, the skill performs dynamic execution based on external data.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests tool schemas and execution plans from an external provider without sanitization.
  * Ingestion points: 'RUBE_SEARCH_TOOLS' results in 'SKILL.md'.
  * Boundary markers: None present.
  * Capability inventory: 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH' perform file/task operations.
  * Sanitization: None; instructions command the agent to use the exact schemas provided by the external search.
Audit Metadata