evenium-automation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the user to add 'https://rube.app/mcp' as an MCP server. This domain is not listed as a trusted source, meaning the agent is instructed to connect to and trust unverified external infrastructure.
  • REMOTE_CODE_EXECUTION (MEDIUM): The workflow utilizes 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH' to execute logic that is dynamically discovered from the remote MCP server at runtime. This pattern allows for the execution of remote code/tools that are not statically defined or audited within the skill.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8).
      1. Ingestion points: The agent is told to use 'RUBE_SEARCH_TOOLS' to find schemas and execution plans.
      2. Boundary markers: Absent (there are no instructions to disregard instructions within the discovered schemas).
      3. Capability inventory: Includes remote tool execution and workbench access.
      4. Sanitization: No validation or sanitization of the remote data is specified before it is used to parameterize tool calls.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:43 PM