goodbits-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the user to add an external MCP server endpoint (https://rube.app/mcp). This domain and the associated service ('rube.app' / 'composio.dev') are not included in the Trusted External Sources list, representing an unverified dependency.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill utilizes RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL to perform operations. This architecture involves executing logic through a remote environment, meaning the agent's actions are governed by code and schemas provided by the untrusted external server at runtime.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it dynamically ingests tool schemas, execution plans, and 'pitfalls' from the remote server.
  - Ingestion points: External data enters the agent context through the RUBE_SEARCH_TOOLS and RUBE_GET_TOOL_SCHEMAS functions.
  - Boundary markers: There are no delimiters or instructions provided to the agent to ignore potentially malicious content within the fetched tool descriptions or schemas.
  - Capability inventory: The skill possesses significant capabilities, including multi-tool execution and remote workbench access via the MCP server.
  - Sanitization: No sanitization, validation, or human-in-the-loop verification is mentioned for the data returned by the search tools before it is used to formulate tool calls.
Audit Metadata