fullenrich-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill retrieves its execution logic and tool schemas dynamically from https://rube.app/mcp via RUBE_SEARCH_TOOLS. This allows a remote endpoint to inject instructions or malicious tool definitions into the agent's workflow.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill mandates the addition of an untrusted MCP server from rube.app, which falls outside the scope of trusted repositories or organizations.
- COMMAND_EXECUTION (HIGH): RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH are used to execute tools that are discovered at runtime, meaning the specific commands being run are not statically verifiable.
- DATA_EXFILTRATION (MEDIUM): The skill handles sensitive data enrichment (Fullenrich), involving contact information and PII. This data is transmitted through and processed by the third-party MCP server.
Recommendations
- AI detected serious security threats