gift-up-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs users to add an unverified MCP server endpoint (https://rube.app/mcp) to their client configuration. Since this domain is not within the Trusted External Sources list, the reliability and safety of the tools it provides cannot be verified.
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It relies on RUBE_SEARCH_TOOLS to provide 'recommended execution plans' and 'known pitfalls' from a remote source.
  - Ingestion points: Data enters the agent context via the RUBE_SEARCH_TOOLS response.
  - Boundary markers: None specified; the agent is simply told to use the results.
  - Capability inventory: Includes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, which allow for broad operational capabilities.
  - Sanitization: None mentioned. Malicious instructions in the search results could lead the agent to perform unauthorized actions on the Gift Up account.
- REMOTE_CODE_EXECUTION (HIGH): The skill uses dynamic tool discovery and execution. The agent is instructed to 'Never hardcode tool slugs' and instead use whatever is returned by the remote server. This allows the remote server to control which logic the agent executes via RUBE_MULTI_EXECUTE_TOOL and the potentially powerful RUBE_REMOTE_WORKBENCH tool.
- DATA_EXFILTRATION (MEDIUM): Because the connection to Gift Up is managed through a third-party 'Rube' intermediary, sensitive account data and gift card information may be exposed to the service provider without explicit user oversight of the data flow.
Recommendations
- AI detected serious security threats
Audit Metadata