gatherup-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): This skill is vulnerable to indirect prompt injection because it dynamically ingests tool schemas and execution plans from an external provider to drive agent behavior.
  - Ingestion points: Tool metadata, input schemas, and execution plans retrieved via RUBE_SEARCH_TOOLS from rube.app.
  - Boundary markers: Absent; the instructions tell the agent to follow search results and schemas directly without validation.
  - Capability inventory: The skill can execute arbitrary remote tools via RUBE_MULTI_EXECUTE_TOOL and run bulk operations via RUBE_REMOTE_WORKBENCH.
  - Sanitization: No sanitization or verification of the remote tool definitions is mentioned.
- External Downloads (LOW): The skill configures a connection to an external MCP endpoint (https://rube.app/mcp). This domain is not on the trusted sources list, meaning the tool logic is provided by an unverified source.
  - Source URL: https://rube.app/mcp
  - Execution method: MCP server configuration
  - Status: Unknown source
  - Dynamic execution patterns: The agent pulls executable tool definitions at runtime based on remote search queries.
Audit Metadata