fluxguard-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill references an external MCP server at https://rube.app/mcp. This domain is not on the trusted sources list, making it an external dependency that the agent is instructed to trust for tool definitions.
- [COMMAND_EXECUTION] (LOW): The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to perform actions based on tool schemas fetched at runtime. The logic and parameters of these commands are controlled by the remote MCP server's responses.
- [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface (Category 8). Evidence: 1. Ingestion points: RUBE_SEARCH_TOOLS response; 2. Boundary markers: Absent; 3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH; 4. Sanitization: None. The agent is directed to follow execution plans provided by the remote server, which could potentially contain malicious instructions.
Audit Metadata