dadata-ru-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8). The skill is designed to ingest external data from the Dadata Ru API and process it using tools with significant side-effect capabilities.
  - Ingestion points: Data retrieved from Dadata Ru via toolkit tools.
  - Boundary markers: None; there are no instructions to the agent to ignore or delimit embedded commands in the external data.
  - Capability inventory: Includes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, which allow for complex operations and remote code execution.
  - Sanitization: No sanitization or validation logic is defined for the external input before it is used in subsequent tool calls.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill utilizes RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL. These tools provide a mechanism for executing remote operations or code in a workbench environment, which poses a critical risk if the input is influenced by an attacker via indirect injection.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the addition of an external MCP server (https://rube.app/mcp). This domain is not within the defined [TRUST-SCOPE-RULE] for trusted sources, making the connection and any code it serves unverifiable.
Recommendations
- AI detected serious security threats
Audit Metadata