enigma-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill mandates connection to an external MCP endpoint at
https://rube.app/mcp. This domain is not listed in the trusted sources, representing an unverifiable third-party dependency. - REMOTE_CODE_EXECUTION (MEDIUM): The skill enables
RUBE_REMOTE_WORKBENCHandRUBE_MULTI_EXECUTE_TOOLwhich allow logic to be executed on a remote server. The specific tools and arguments are determined dynamically at runtime via an external search tool, which could be manipulated to execute unauthorized actions. - PROMPT_INJECTION (LOW): The skill establishes an indirect prompt injection surface by instructing the agent to follow plans and schemas returned from
RUBE_SEARCH_TOOLS. Evidence Chain: 1. Ingestion points: Data entering throughRUBE_SEARCH_TOOLStool calls. 2. Boundary markers: Absent; no instructions provided to treat tool-discovered schemas as untrusted. 3. Capability inventory: Remote execution and tool-calling capabilities. 4. Sanitization: Absent; the agent is told to use exact field names and recommended execution plans from the remote search results.
Audit Metadata