flutterwave-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | PROMPT_INJECTION | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): High surface for indirect prompt injection via dynamic tool schemas. Ingestion points: RUBE_SEARCH_TOOLS returns tool schemas, recommended execution plans, and known pitfalls from a remote source. Boundary markers: Absent in instructions. Capability inventory: Financial operations via the Flutterwave toolkit (RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH). Sanitization: Absent; the agent is explicitly instructed to follow the remote execution plans.
  • EXTERNAL_DOWNLOADS (HIGH): Requires the installation of an unverified remote MCP server (https://rube.app/mcp). This domain is not within the trusted organization scope, and the server acts as a black-box gateway for all tool definitions and logic.
  • COMMAND_EXECUTION (MEDIUM): The skill implements dynamic tool execution based on remote schemas rather than static definitions. This allows the remote server to manipulate the parameters or targets of commands at runtime, which is particularly hazardous given the financial nature of the Flutterwave toolkit.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:39 AM