emelia-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill requires connecting to an external MCP server at https://rube.app/mcp. This domain is not on the trusted sources list provided in the security guidelines.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). 1. Ingestion points: Tool schemas and execution plans are retrieved from the Rube MCP server via RUBE_SEARCH_TOOLS. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the search context. 3. Capability inventory: The skill can execute arbitrary tool slugs via RUBE_MULTI_EXECUTE_TOOL. 4. Sanitization: There is no evidence of validation or sanitization of the plans returned by the server.
- DYNAMIC_EXECUTION (LOW): The skill dynamically constructs tool calls using slugs and arguments provided by the external search service at runtime, which is a common but inherently riskier pattern.
Audit Metadata