gigasheet-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Unverifiable Dependencies (HIGH): The skill requires adding an untrusted MCP server (https://rube.app/mcp) as an external dependency. This server is not among the verified trusted sources and controls the skill's logic and available tools.
  • Indirect Prompt Injection (HIGH): The skill is highly susceptible to indirect prompt injection attacks.
      • Ingestion points: Data is ingested from Gigasheet spreadsheets via the outputs of discovery and execution tools.
      • Boundary markers: No boundary markers or 'ignore' instructions are used to separate untrusted spreadsheet data from agent instructions.
      • Capability inventory: The skill has access to high-privilege capabilities including 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH', allowing for arbitrary tool execution and remote command execution.
      • Sanitization: There is no evidence of data sanitization or validation before Gigasheet content is passed to execution tools.
  • Dynamic Execution (MEDIUM): The skill dynamically discovers tool slugs and schemas at runtime via 'RUBE_SEARCH_TOOLS'. This allows a remote, untrusted server to change the agent's behavior and tool definitions without a skill update.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:07 PM