fireflies-automation

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill instructs users to add an unverified MCP server (https://rube.app/mcp). This domain is not listed in the trusted organizations or repositories, posing a risk of malicious tool definitions.
  • REMOTE_CODE_EXECUTION (HIGH): By connecting to a remote MCP server, the agent executes tools (logic and operations) defined and hosted by the third party. Commands like RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH facilitate the execution of these remote capabilities.
  • DATA_EXFILTRATION (HIGH): The skill facilitates access to Fireflies meeting data. Routing this sensitive information through an unverified external MCP server provides a pathway for data exposure or exfiltration.
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection.
      1. Ingestion points: Reads meeting transcripts and notes via the fireflies toolkit.
      2. Boundary markers: None specified to differentiate meeting data from instructions.
      3. Capability inventory: Commands like RUBE_MULTI_EXECUTE_TOOL allow the agent to perform write operations and external actions.
      4. Sanitization: No sanitization of meeting content is described.
    An attacker participating in a meeting could inject instructions into the transcript that the agent then executes automatically.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 12:00 AM