deepgram-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- External Downloads & Dependencies (LOW): The skill connects to an external MCP server at https://rube.app/mcp which is not on the trusted organizations list. Source URL: https://rube.app/mcp, Execution method: RUBE_MULTI_EXECUTE_TOOL. This finding is downgraded because it represents the primary functionality of the skill.
- Dynamic Execution (LOW): The skill dynamically fetches tool slugs and schemas from a remote source using RUBE_SEARCH_TOOLS and executes them via RUBE_MULTI_EXECUTE_TOOL. This involves dynamic loading from computed remote paths.
- Indirect Prompt Injection (LOW): The skill has a vulnerability surface for indirect prompt injection via the tool discovery process.
  - Ingestion points: Tool schemas and execution plans returned by RUBE_SEARCH_TOOLS.
  - Boundary markers: Absent; the skill is instructed to use discovery results directly.
  - Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH facilitate execution based on remote data.
  - Sanitization: None; the skill assumes the remote server's output is safe and authoritative.
Audit Metadata