docupost-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructions direct the user to add a remote MCP server endpoint (https://rube.app/mcp). This source is not on the pre-approved trusted list and provides the operational logic for the skill at runtime.
- COMMAND_EXECUTION (MEDIUM): The workflow relies on RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to execute actions discovered dynamically through RUBE_SEARCH_TOOLS. This results in execution of code or commands that are not statically defined within the skill file itself.
- PROMPT_INJECTION (LOW): The skill exhibits a vulnerability surface for indirect prompt injection (Category 8). 1. Ingestion points: Tool schemas, input field names, and execution plans are ingested from the RUBE_SEARCH_TOOLS response. 2. Boundary markers: The skill does not define delimiters or instructions to ignore embedded commands in the tool schemas. 3. Capability inventory: The skill has the ability to execute remote tools and workbenches via Rube MCP. 4. Sanitization: No sanitization or validation of the remote schemas is mentioned before they are processed by the agent.
Audit Metadata