deel-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the user to add an external, untrusted MCP server (https://rube.app/mcp). This domain is not among the verified trusted sources. All agent capabilities and data processing for this skill are routed through this external endpoint.
- DATA_EXFILTRATION (MEDIUM): The skill's primary purpose is automating 'Deel' operations (Payroll, HR, Employee data). By design, sensitive data is passed to the rube.app endpoint via the Rube MCP protocol. This creates a risk of unauthorized data collection or proxying by the third-party service provider.
- INDIRECT_PROMPT_INJECTION (LOW): The skill dynamically fetches tool schemas and execution plans using RUBE_SEARCH_TOOLS.
  - Ingestion points: Data enters the agent context from the external search results provided by the rube.app endpoint.
  - Boundary markers: No specific delimiters or safety warnings are implemented to prevent the agent from obeying instructions embedded within the returned tool schemas.
  - Capability inventory: The agent has the capability to execute arbitrary tools via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH based on the untrusted search results.
  - Sanitization: No evidence of input validation or schema sanitization is present in the skill instructions.
Audit Metadata