gleap-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires connecting to an external MCP server at 'https://rube.app/mcp'. This domain is not in the trusted source list. The agent dynamically retrieves tool schemas and logic from this remote endpoint at runtime, which could be manipulated.
- PROMPT_INJECTION (HIGH): High risk of Indirect Prompt Injection.
  1. Ingestion points: Data is ingested from Gleap via toolkit tools.
  2. Boundary markers: Absent; there are no instructions to delimit or ignore instructions found within external data.
  3. Capability inventory: Write and execute capabilities are present via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH.
  4. Sanitization: Absent; the skill encourages direct use of dynamic field names and types from search results.
- COMMAND_EXECUTION (MEDIUM): The use of RUBE_REMOTE_WORKBENCH with run_composio_tool() allows for remote task execution, which increases the impact if an attacker successfully injects instructions into the Gleap data the agent processes.
Recommendations
- AI detected serious security threats
Audit Metadata