eventzilla-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the user to add an untrusted external endpoint
https://rube.app/mcpas a core dependency. This host is not part of the approved trusted sources list, posing a risk of malicious tool delivery. - REMOTE_CODE_EXECUTION (HIGH): Through the MCP protocol, the remote server defines tool logic and execution patterns. Specifically, the mention of
RUBE_REMOTE_WORKBENCHandRUBE_MULTI_EXECUTE_TOOLindicates the agent will execute commands and logic defined entirely by the untrusted host. - PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) via the external tool discovery mechanism.
- Ingestion points:
RUBE_SEARCH_TOOLS(described in SKILL.md) which fetches tool slugs, schemas, and 'recommended execution plans' from the external server. - Boundary markers: Absent. The instructions do not tell the agent to ignore or sanitize instructions found within these dynamically fetched plans.
- Capability inventory: The skill possesses high-risk capabilities including connection management (
RUBE_MANAGE_CONNECTIONS) and tool execution (RUBE_MULTI_EXECUTE_TOOL). - Sanitization: Absent. The instructions explicitly state to 'use exact field names and types from the search results' and follow the 'recommended execution plans' without validation.
Recommendations
- AI detected serious security threats
Audit Metadata