drip-jobs-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill requires connection to an external MCP server at https://rube.app/mcp. This domain is not part of the trusted organizations or repositories list. This represents an external dependency that provides the logic for tool execution.
- REMOTE_CODE_EXECUTION (LOW): Through the use of RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, the skill executes code/tasks defined by the remote MCP server. This allows for dynamic capability execution where the underlying logic is hosted externally.
- PROMPT_INJECTION (LOW): This skill is vulnerable to Indirect Prompt Injection (Category 8c) because it dynamically retrieves tool schemas and execution plans from an external API.
  - Ingestion points: RUBE_SEARCH_TOOLS retrieves tool slugs, input schemas, and recommended execution plans from a remote source.
  - Boundary markers: None are present in the skill instructions to delimit the untrusted tool schemas from the agent's core instructions.
  - Capability inventory: The skill has high-impact capabilities including RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH for bulk operations, and the ability to follow external auth links.
  - Sanitization: No sanitization or validation of the retrieved schemas or execution plans is mentioned; the agent is instructed to use the returned field names and types exactly.
Audit Metadata