docmosis-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill directs users to add 'https://rube.app/mcp' as an MCP server. This domain is not listed in the trusted external sources, which constitutes a risk when an agent is instructed to fetch capabilities from an unverified third-party endpoint.
- REMOTE_CODE_EXECUTION (HIGH): The core workflow relies on dynamically fetching tool schemas and execution plans via 'RUBE_SEARCH_TOOLS' and immediately executing them via 'RUBE_MULTI_EXECUTE_TOOL'. This architectural pattern allows a remote server to dictate the operations performed by the agent.
- PROMPT_INJECTION (HIGH): This skill is highly susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted data from the MCP search queries and lacks explicit boundary markers or sanitization logic. Because the skill possesses 'HIGH' tier capabilities (multi-tool execution and remote workbench access), any malicious instructions embedded in the tool schemas or search results could lead to unauthorized actions.
- COMMAND_EXECUTION (MEDIUM): The 'RUBE_REMOTE_WORKBENCH' and 'RUBE_MULTI_EXECUTE_TOOL' tools provide significant side-effect capabilities. The skill instructions do not provide any evidence of input validation or human-in-the-loop verification before execution.
Recommendations
- AI detected serious security threats
Audit Metadata