emaillistverify-automation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the user to configure an untrusted MCP server at https://rube.app/mcp. This domain is not among the Trusted External Sources, and connecting to it allows the external server to provide and execute tools within the agent context.
- REMOTE_CODE_EXECUTION (HIGH): The tools RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH facilitate the execution of remote logic or tools defined by the untrusted Rube MCP server, constituting a remote code execution risk.
- DATA_EXFILTRATION (MEDIUM): Sensitive information such as email lists is processed through the rube.app proxy to reach the Emaillistverify service, exposing private user data to an unverified third party.
- PROMPT_INJECTION (HIGH): The skill possesses a high-severity indirect prompt injection surface.
  - Ingestion points: Emaillistverify data enters the agent context via Rube tools.
  - Boundary markers: None mentioned in the instructions.
  - Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (file/tool execution).
  - Sanitization: None described.

  This allows malicious content within processed emails to potentially trigger unauthorized tool executions or exfiltrate data.
Recommendations
- AI detected serious security threats