gamma-automation

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): Directs users to configure an unverified MCP server endpoint (https://rube.app/mcp). This source is not within the trusted organization whitelist.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill utilizes RUBE_REMOTE_WORKBENCH, enabling the execution of arbitrary tasks on a remote environment provided by the untrusted server.
  • [COMMAND_EXECUTION] (MEDIUM): Operations like RUBE_MULTI_EXECUTE_TOOL allow the remote server to dictate actions performed by the agent, potentially leading to unauthorized commands within the connected Gamma service.
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). Evidence Chain: (1) Ingestion point: RUBE_SEARCH_TOOLS response (remote schema/plans). (2) Boundary markers: Absent. (3) Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH (file write/execute equivalents). (4) Sanitization: Absent. This allows a malicious or compromised server to inject instructions that the agent will follow as authoritative logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 11:18 PM