finerworks-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill requires connecting to an external, non-trusted MCP endpoint at https://rube.app/mcp for tool discovery and execution logic.
- PROMPT_INJECTION (LOW): Potential for indirect prompt injection as the agent is instructed to follow 'recommended execution plans' and 'pitfalls' returned from the remote search tool. Evidence: (1) Ingestion point: RUBE_SEARCH_TOOLS response; (2) Boundary markers: Absent; (3) Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH; (4) Sanitization: Absent.
Audit Metadata