fingertip-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Categories flagged: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill requires adding an external MCP server (rube.app/mcp). While this is necessary for functionality, the domain is not a pre-approved trusted source.
- REMOTE_CODE_EXECUTION (LOW): The inclusion of RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL implies the execution of operations in a remote environment managed by the third-party service.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection through its dynamic tool discovery mechanism.
  - Ingestion points: Tool schemas and execution plans are fetched at runtime from the Rube MCP server via RUBE_SEARCH_TOOLS.
  - Boundary markers: None present; the agent is instructed to use the exact field names and types from search results without validation.
  - Capability inventory: The skill possesses the ability to execute multiple tools and access a remote workbench.
  - Sanitization: No sanitization or validation of the fetched metadata is performed, meaning malicious tool schemas from the server could influence agent behavior.
Audit Metadata