eversign-automation
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- External Downloads (MEDIUM): The skill requires connecting to `https://rube.app/mcp` as an MCP server. This domain is not on the trusted sources list and serves as the primary provider for tool definitions and execution logic.
- Indirect Prompt Injection (HIGH - Surface): The skill processes external data from Eversign and possesses 'execute' capabilities through `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`.
  - Ingestion points: Data returned from Eversign API calls (document content, metadata) via the MCP server.
  - Boundary markers: Absent. The skill instructions do not provide delimiters or instructions to ignore embedded commands in Eversign data.
  - Capability inventory: Includes tool execution (`RUBE_MULTI_EXECUTE_TOOL`), connection management, and remote workbench operations.
  - Sanitization: None mentioned. The agent relies entirely on the third-party MCP server to sanitize inputs and outputs.
- Dynamic Execution (MEDIUM): The skill utilizes dynamic tool discovery (`RUBE_SEARCH_TOOLS`). The agent's operational logic is not static but is determined at runtime based on the response from the remote Rube server, which could be altered without changing the skill code.
Audit Metadata