dromo-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a high-risk attack surface where external content from the rube.app MCP server and Dromo API influences agent actions.
  - Ingestion points: Data returned from RUBE_SEARCH_TOOLS and individual tool outputs.
  - Boundary markers: None present to distinguish instructions from data.
  - Capability inventory: Write and execute capabilities via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH.
  - Sanitization: No evidence of input validation or escaping.
- [Unverifiable Dependencies] (MEDIUM): Requires configuration of an external MCP server from an unverified source (https://rube.app/mcp), which serves as a runtime extension.
- [Dynamic Execution] (MEDIUM): Tool selection and argument construction are performed dynamically based on remote search results (RUBE_SEARCH_TOOLS).
Recommendations
- AI detected serious security threats
Audit Metadata