fixer-io-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection as it dynamically processes tool definitions and instructions from an external source to determine agent behavior. Evidence Chain: 1. Ingestion points: Tool schemas and execution plans returned by RUBE_SEARCH_TOOLS (SKILL.md). 2. Boundary markers: Absent; the instructions tell the agent to follow search results exactly. 3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (SKILL.md). 4. Sanitization: None described.
- [EXTERNAL_DOWNLOADS] (LOW): The setup instructions direct the user to connect to https://rube.app/mcp. This domain is not on the trusted sources list and acts as a third-party dependency for the skill functionality.
Audit Metadata