elorus-automation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the user to add an external MCP server from rube.app (https://rube.app/mcp), which is not included in the list of trusted external sources. Adding unverified remote endpoints allows third parties to define the agent's available tools.\n- PROMPT_INJECTION (HIGH): Category 8 (Indirect Prompt Injection) surface detected. The skill's core workflow relies on fetching dynamic tool schemas and execution plans from the remote server via RUBE_SEARCH_TOOLS.\n
- Ingestion points: Responses from RUBE_SEARCH_TOOLS at rube.app.\n
- Boundary markers: Absent; the agent is instructed to follow the returned execution plans and schemas directly.\n
- Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH can perform write operations and bulk data processing in Elorus.\n
- Sanitization: None mentioned; the agent uses exact field names and types from remote search results.\n- REMOTE_CODE_EXECUTION (HIGH): By connecting to an untrusted MCP server, the agent effectively loads executable tool definitions from a remote source. The RUBE_REMOTE_WORKBENCH tool specifically allows for remote execution of tasks, which could be exploited if the server is compromised or malicious.
Recommendations
- AI detected serious security threats
Audit Metadata