desktime-automation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the user to add 'https://rube.app/mcp' as an MCP server. This domain is not on the trusted external sources list, representing an unverifiable dependency.
  • COMMAND_EXECUTION (MEDIUM): The skill utilizes tools such as RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, which are designed to execute other tools and scripts. This provides a high-privilege execution surface.
  • DYNAMIC_EXECUTION (MEDIUM): The 'Core Workflow Pattern' requires the agent to call RUBE_SEARCH_TOOLS to find tool slugs and input schemas at runtime. The instructions tell the agent to use these results to construct and execute commands, creating a risk if the remote server returns malicious tool definitions.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill has a vulnerability surface for tool output poisoning (Category 8c).
    1. Ingestion points: RUBE_SEARCH_TOOLS output.
    2. Boundary markers: None; instructions mandate following the search output exactly.
    3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH allow for broad action execution.
    4. Sanitization: None specified for handling tool schemas or returned metadata.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:48 PM