dripcel-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The setup instructions require adding an untrusted MCP server endpoint (https://rube.app/mcp). This domain is not a verified source according to [TRUST-SCOPE-RULE]. This server is responsible for providing the tool definitions and execution instructions that the agent will follow.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Category 8 Indirect Prompt Injection. It instructs the agent to fetch and obey "execution plans" and "known pitfalls" from a remote search tool.
  - Ingestion points: Tool schemas, slugs, and natural language instructions (execution plans) fetched from RUBE_SEARCH_TOOLS.
  - Boundary markers: Absent; the skill directs the agent to follow the remote output directly.
  - Capability inventory: Includes RUBE_MULTI_EXECUTE_TOOL (for executing actions) and RUBE_REMOTE_WORKBENCH (for remote operations).
  - Sanitization: Absent; there is no validation or filtering of the content returned by the untrusted remote server.
- [COMMAND_EXECUTION] (HIGH): The inclusion of RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL provides powerful execution capabilities. Because the logic and parameters for these tools are dynamically retrieved from an untrusted endpoint, an attacker controlling the remote server could execute unauthorized operations on the user's connected accounts.
Recommendations
- AI detected serious security threats