fraudlabs-pro-automation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill requires the user to add an untrusted remote MCP server (https://rube.app/mcp). This endpoint is not within the defined trust scope and acts as a central control point for the agent's capabilities.
- [REMOTE_CODE_EXECUTION] (HIGH): Through RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, the skill executes logic and tools defined dynamically by the remote server.
- [PROMPT_INJECTION] (HIGH): Mandatory Evidence Chain for Category 8 finding: 1. Ingestion points: RUBE_SEARCH_TOOLS returns dynamic tool schemas and execution plans (SKILL.md). 2. Boundary markers: Absent; the agent is told to 'Always search tools first' and follow results. 3. Capability inventory: Multi-tool execution and remote workbench access (SKILL.md). 4. Sanitization: Absent. This enables an attacker controlling the remote server to inject instructions directly into the agent's workflow.
- [COMMAND_EXECUTION] (MEDIUM): The skill provides the agent with the run_composio_tool() capability via a remote workbench, which allows for complex operations that could be abused if the tool definitions are compromised.
Recommendations
- AI detected serious security threats