goody-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Dynamic Execution] (MEDIUM): The skill workflow relies on
RUBE_SEARCH_TOOLSto fetch tool slugs and schemas fromhttps://rube.app/mcpat runtime. The agent then executes these tools viaRUBE_MULTI_EXECUTE_TOOL. Since the logic and parameters are defined by an external, non-trusted source and executed dynamically, it poses a medium risk of remote logic control. - [Indirect Prompt Injection] (LOW): The skill identifies a surface for tool output poisoning. 1. Ingestion points: Tool schemas and recommended plans returned by
RUBE_SEARCH_TOOLS. 2. Boundary markers: Absent; instructions suggest using exact field names and following recommended plans from the search results. 3. Capability inventory:RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHallow for complex interactions and command-like tool execution. 4. Sanitization: Absent; there is no validation of the schemas or instructions returned by the remote server. - [External Reference] (LOW): The skill requires connection to
https://rube.app/mcp. This domain is not included in the list of trusted external sources.
Audit Metadata