gan-ai-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the user to add an external MCP server endpoint
https://rube.app/mcp. This domain is not part of the trusted organizations or repositories list. This server provides the tool definitions and execution logic for the agent. - [COMMAND_EXECUTION] (LOW): The skill uses
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHto execute actions. While these are scoped to the Gan AI toolkit, they represent the capability to perform remote operations based on schemas fetched at runtime. - [PROMPT_INJECTION] (LOW): Potential for Indirect Prompt Injection (Category 8). The skill instructions mandate calling
RUBE_SEARCH_TOOLSto get current schemas and instructions before every execution. This creates a surface where the remote server could inject instructions into the agent's context. - Ingestion points:
RUBE_SEARCH_TOOLSresponse body. - Boundary markers: Absent. The skill does not instruct the agent to treat the tool search results as untrusted data or use delimiters.
- Capability inventory: Remote tool execution via Gan AI/Composio bridge.
- Sanitization: None specified in the skill instructions.
Audit Metadata