formdesk-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill requires adding an MCP server from
https://rube.app/mcp, which is not a trusted source according to the [TRUST-SCOPE-RULE]. This grants an external party control over tool definitions and handling within the agent's context. - REMOTE_CODE_EXECUTION (HIGH): By directing the agent to use tool schemas and execution plans dynamically retrieved from an untrusted MCP server, the skill enables remote logic execution.
- PROMPT_INJECTION (HIGH): High risk of Indirect Prompt Injection. 1. Ingestion points: Data retrieved from Formdesk via
RUBE_SEARCH_TOOLSandRUBE_MULTI_EXECUTE_TOOL. 2. Boundary markers: Absent; no delimiters are used to separate external data from instructions. 3. Capability inventory: High; the skill can execute multiple tools (RUBE_MULTI_EXECUTE_TOOL) and perform workbench operations (RUBE_REMOTE_WORKBENCH). 4. Sanitization: Absent; the agent is instructed to use exact field names and types from search results. - COMMAND_EXECUTION (MEDIUM): The
RUBE_REMOTE_WORKBENCHtool provides a capability for executing remote commands or scripts via the workbench interface.
Recommendations
- AI detected serious security threats
Audit Metadata