docnify-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires connecting to an external MCP server at https://rube.app/mcp. This domain is not on the list of trusted external sources, meaning the tool schemas and instructions provided by the server are unverifiable.
- REMOTE_CODE_EXECUTION (MEDIUM): The use of RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL facilitates the execution of tools, and potentially arbitrary code or scripts, in a remote environment. Executing functionality defined by an untrusted external provider poses a risk of remote code execution.
- INDIRECT_PROMPT_INJECTION (LOW): The skill instructs the agent to follow 'recommended execution plans' and 'schemas' returned dynamically from RUBE_SEARCH_TOOLS.
  - Ingestion points: RUBE_SEARCH_TOOLS response at runtime.
  - Boundary markers: Absent; the agent is told to use search results as the source of truth.
  - Capability inventory: Tool execution and remote workbench access.
  - Sanitization: None; the skill mandates using exact field names and types from the external search results without validation.