dictionary-api-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the addition of an external MCP server (https://rube.app/mcp) that is not included in the predefined trusted source list. This server controls the tool schemas and execution logic provided to the agent.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill utilizes
RUBE_REMOTE_WORKBENCHandRUBE_MULTI_EXECUTE_TOOL. These tools allow for the execution of complex operations and scripts in a remote environment. If these operations are influenced by untrusted data, it facilitates remote code execution. - [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: Data returned from the Dictionary API (definitions, examples, usage notes) enters the agent's context.
- Boundary markers: Absent. The instructions do not provide delimiters or warnings to ignore embedded instructions within API responses.
- Capability inventory: The skill provides
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCH, granting the agent substantial execution and file-handling capabilities. - Sanitization: Absent. There is no evidence of filtering or sanitizing the content fetched from the Dictionary API before it is used to influence downstream tool calls.
- [COMMAND_EXECUTION] (MEDIUM): The workflow relies on dynamic tool discovery and execution via
RUBE_SEARCH_TOOLSandRUBE_MULTI_EXECUTE_TOOL. The agent is instructed to follow schemas provided by the external server at runtime, which could be manipulated to trigger unintended commands.
Recommendations
- AI detected serious security threats
Audit Metadata