fibery-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill's primary workflow involves fetching tool schemas and execution plans from a remote service via RUBE_SEARCH_TOOLS. This untrusted data directly influences the agent's next steps and tool arguments, creating a large attack surface for indirect prompt injection where a malicious response could hijack agent behavior.
  - Ingestion points: Search results and tool schemas from https://rube.app/mcp.
  - Boundary markers: None (instructions explicitly state to follow returned schemas and execution plans).
  - Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH, and RUBE_MANAGE_CONNECTIONS.
  - Sanitization: None provided in the instruction set.
- [Remote Code Execution] (HIGH): The RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL capabilities allow for the execution of logic and tasks defined on a remote server. This constitutes remote execution of third-party provided code/actions.
- [External Downloads] (MEDIUM): The skill requires the addition of an external, third-party MCP endpoint (https://rube.app/mcp). This server is not a known trusted source in the analyzer's list and acts as a gateway for sensitive authentication and tool execution.
Recommendations
- AI detected serious security threats
Audit Metadata