deadline-funnel-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires connecting to an external MCP server at 'https://rube.app/mcp'. This source is not on the pre-approved trusted list, posing a risk as the server controls the tool definitions.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The workflow relies on 'RUBE_SEARCH_TOOLS' to fetch 'recommended execution plans' and 'RUBE_MULTI_EXECUTE_TOOL' or 'RUBE_REMOTE_WORKBENCH' to execute them. This architectural pattern allows a remote server to define the logic and commands the agent executes at runtime.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted data from the search tool. Evidence Chain:
  1. Ingestion point: Tool schemas and execution plans from 'RUBE_SEARCH_TOOLS'.
  2. Boundary markers: None mentioned to separate remote instructions from system goals.
  3. Capability inventory: Includes 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH' for command execution.
  4. Sanitization: No evidence of input validation or escaping for the dynamically fetched execution plans.
Audit Metadata