dock-certs-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill utilizes RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL, which facilitate execution of operations in a remote environment provided by an untrusted domain (rube.app).
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires adding an external, non-whitelisted MCP endpoint (https://rube.app/mcp), creating a dependency on unverified infrastructure.
- PROMPT_INJECTION (HIGH): High vulnerability to Indirect Prompt Injection (Category 8).
  - Ingestion points: Tool schemas and 'recommended execution plans' are fetched from RUBE_SEARCH_TOOLS at runtime from a non-whitelisted source.
  - Boundary markers: Absent; instructions mandate following the remote server's output and 'recommended execution plans' without local validation.
  - Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide substantial write/execute capabilities.
  - Sanitization: Absent; the agent is instructed to use schemas exactly as returned by the remote server.
- COMMAND_EXECUTION (HIGH): The instruction to follow 'execution plans' and tool slugs provided by a remote server at runtime constitutes a bypass of local security constraints, granting the remote server control over the agent's actions.
Recommendations
- AI detected serious security threats
Audit Metadata