geocodio-automation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill instructs the agent to dynamically fetch and execute tool schemas from an external source, which could be exploited if the source is compromised. Ingestion points: tool definitions returned from RUBE_SEARCH_TOOLS. Boundary markers: absent in the skill instructions. Capability inventory: includes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH for executing commands or tools. Sanitization: no explicit sanitization or validation of the fetched schemas is mentioned.
  • [External Dependencies] (SAFE): The skill relies on an external MCP server at https://rube.app/mcp. While this is an untrusted external source according to the predefined list, it is the intended architectural endpoint for the Rube MCP service and does not involve immediate shell command execution or package installation within the skill body.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:48 PM