finage-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill requires connection to an external MCP server hosted at https://rube.app/mcp. This domain is not included in the trusted organization list. Use of unverified external endpoints for tool definitions and execution logic introduces a reliance on the third-party provider's availability and integrity.
- INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to ingest and act upon data retrieved dynamically from an external source via RUBE_SEARCH_TOOLS.
  - Ingestion points: Tool schemas and execution plans are fetched at runtime from rube.app.
  - Boundary markers: No specific delimiters or instructions are provided to the agent to treat the fetched schema data as untrusted or to ignore embedded instructions.
  - Capability inventory: The RUBE_MULTI_EXECUTE_TOOL capability allows the agent to perform external operations based on the fetched schemas.
  - Sanitization: There is no explicit sanitization logic; the agent is instructed to trust and use the exact field names and types returned by the remote search.
- DYNAMIC_EXECUTION (LOW): The skill uses a pattern of dynamic tool discovery where the agent fetches and executes capabilities defined at runtime. While this is the intended functionality of the Rube/Composio integration, it shifts the security boundary to the external schema provider.
Audit Metadata