eodhd-apis-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): Requires the addition of an external MCP server endpoint 'https://rube.app/mcp'. This domain is not among the trusted sources, posing a supply chain risk as the tool logic and definitions are hosted externally.
- [REMOTE_CODE_EXECUTION] (MEDIUM): Uses 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH' to run logic provided by the untrusted remote MCP server.
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest tool schemas and instructions dynamically from the 'RUBE_SEARCH_TOOLS' output, creating an attack surface for indirect injection.
- Ingestion points: Tool slugs and input schemas from 'RUBE_SEARCH_TOOLS'.
- Boundary markers: None present; the agent is instructed to follow schemas provided by the remote server.
- Capability inventory: 'RUBE_MULTI_EXECUTE_TOOL', 'RUBE_REMOTE_WORKBENCH'.
- Sanitization: No sanitization of the remote tool descriptions or schemas is mentioned.
Audit Metadata