foursquare-automation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- Remote Dependency (HIGH): The skill instructs users to add
https://rube.app/mcpas an MCP server. This domain is not among the trusted sources (e.g., Anthropic, OpenAI, Microsoft). This establishes a critical dependency on unverified infrastructure that controls all tool logic. - Indirect Prompt Injection (HIGH): The skill exhibits a high-risk attack surface for processing malicious external content.
- Ingestion points: Processes raw data from Foursquare API responses through
RUBE_SEARCH_TOOLSand tool execution outputs. - Boundary markers: There are no instructions or delimiters provided to help the agent distinguish between Foursquare data and potentially malicious embedded instructions.
- Capability inventory: The skill allows for writing and executing actions on a user's Foursquare account, including bulk operations via
RUBE_REMOTE_WORKBENCH. - Sanitization: No sanitization or validation of the external data is performed before it influences the agent's next steps.
- Dynamic Tool Execution (MEDIUM): The workflow relies on
RUBE_MULTI_EXECUTE_TOOLusing schemas fetched at runtime from a remote server. This allows the remote provider to change execution patterns or input requirements dynamically, which could be used to facilitate unauthorized operations if the remote server is compromised or malicious.
Recommendations
- AI detected serious security threats
Audit Metadata