dropbox-sign-automation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies (HIGH): The skill requires the addition of a remote MCP server at https://rube.app/mcp. This domain is not within the trusted scope. The security and integrity of any operations depend entirely on this external provider.
- Indirect Prompt Injection (HIGH): The skill exhibits a high-risk capability tier where external data directly influences side-effect-heavy actions.
  - Ingestion points: Untrusted data enters the agent context via RUBE_SEARCH_TOOLS, which provides "input schemas, recommended execution plans, and known pitfalls."
  - Boundary markers: Absent. No instructions are provided to sanitize or ignore malicious instructions embedded in the tool schemas or plans.
  - Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide the ability to execute operations on Dropbox Sign and run remote code/tools.
  - Sanitization: Absent. The agent is explicitly told to "Use exact field names and types from the search results."
- Dynamic Execution (MEDIUM): The skill uses a pattern of dynamic tool discovery and execution. By calling RUBE_GET_TOOL_SCHEMAS and executing TOOL_SLUG_FROM_SEARCH, the agent is performing dynamic loading of executable logic from computed remote paths, which could be manipulated by the remote server to execute unintended commands.
Recommendations
- AI detected serious security threats
Audit Metadata