findymail-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the user to configure an external MCP server at `https://rube.app/mcp`. This domain is not on the trusted sources list. Relying on an untrusted third-party endpoint for core agent capabilities (tool definitions) creates a significant supply-chain risk.
- REMOTE_CODE_EXECUTION (MEDIUM): The skill utilizes `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()`. This indicates that operations are executed in a remote environment managed by the untrusted `rube.app` service.
- DYNAMIC_EXECUTION (MEDIUM): The skill is designed to call `RUBE_SEARCH_TOOLS` to dynamically retrieve tool slugs and schemas at runtime. This pattern allows the remote server to dictate the agent's actions by providing specific execution plans and arguments that the agent is then instructed to execute via `RUBE_MULTI_EXECUTE_TOOL`.
- INDIRECT_PROMPT_INJECTION (LOW):
  - Ingestion points: Tool definitions, input schemas, and execution plans returned by `RUBE_SEARCH_TOOLS` from `https://rube.app/mcp`.
  - Boundary markers: Absent. The skill does not define delimiters or warnings to treat the retrieved tool metadata as potentially unsafe.
  - Capability inventory: Remote tool execution (`RUBE_MULTI_EXECUTE_TOOL`) and remote workbench access (`RUBE_REMOTE_WORKBENCH`).
  - Sanitization: Absent. The instructions tell the agent to use 'exact field names and types' provided by the external search results.