genderize-automation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill requires connection to an external MCP server at https://rube.app/mcp. This server is not a listed trusted source. Adding remote MCP servers allows third-party tool definitions and logic to be integrated into the agent's environment.
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: Data enters the agent context via RUBE_SEARCH_TOOLS, which returns 'recommended execution plans' and 'known pitfalls' from the remote server.
  - Boundary markers: None present in the instructions to prevent the agent from obeying instructions embedded in the search results.
  - Capability inventory: The agent has access to RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (SKILL.md).
  - Sanitization: None specified; the agent is explicitly told to follow the returned execution plans.
- COMMAND_EXECUTION (HIGH): The tool RUBE_MULTI_EXECUTE_TOOL allows the execution of arbitrary tools defined by the remote server. The instructions 'Always call RUBE_SEARCH_TOOLS first to get current tool schemas' and 'Use exact field names and types from the search results' ensure the agent blindly follows remote configuration.
- REMOTE_CODE_EXECUTION (HIGH): The skill references RUBE_REMOTE_WORKBENCH for bulk operations. This typically involves a remote execution environment where scripts or tools are run on external infrastructure, bypassing local security controls.
Recommendations
- AI detected serious security threats