draftable-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires connecting to an external MCP server hosted at https://rube.app/mcp. This domain is not part of the trusted organization list. Adding unverified MCP endpoints allows a third party to define the tools, schemas, and capabilities available to the agent, which can lead to unauthorized data access or unexpected behavior.
- REMOTE_CODE_EXECUTION (MEDIUM): The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH. These functions facilitate the execution of tools and potentially code in a remote environment managed by the Rube MCP server. Since the source is unverified, this represents a risk of unverified remote execution of logic.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8c).
  - Ingestion points: The agent is instructed to call RUBE_SEARCH_TOOLS to retrieve schemas and "recommended execution plans" from the remote server.
  - Boundary markers: No boundary markers or sanitization instructions are provided to help the agent distinguish between legitimate tool schemas and malicious instructions embedded in the server's response.
  - Capability inventory: The agent has access to RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, which can be used to carry out actions dictated by a compromised or malicious remote server.
  - Sanitization: There is no evidence of input validation or sanitization of the remote tool definitions before use.
Audit Metadata