googlecalendar-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill directs users to add an untrusted remote MCP server (https://rube.app/mcp). This server controls all tool definitions and logic. Because it is not in the trusted source list, this represents a high-risk external dependency.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill references RUBE_REMOTE_WORKBENCH and run_composio_tool(). This implies the capability to execute code or logic in a remote environment managed by the untrusted rube.app service, which could be used to execute malicious payloads.
- [INDIRECT_PROMPT_INJECTION] (HIGH):
  - Ingestion points: The skill relies on RUBE_SEARCH_TOOLS to fetch tool schemas and "recommended execution plans" from the remote server at runtime.
  - Boundary markers: Absent. The agent is instructed to "Always search tools first" and use the results to build its workflow without any verification or sanitization.
  - Capability inventory: The skill possesses write capabilities (modifying Google Calendar) and potential execution capabilities via the remote workbench.
  - Sanitization: Absent. There is no mechanism to validate that the "execution plans" or schemas provided by the remote server are safe or conform to the user's intent.
- [COMMAND_EXECUTION] (MEDIUM): The RUBE_MULTI_EXECUTE_TOOL allows the agent to perform actions with side effects (creating/deleting calendar events) based on instructions fetched from an untrusted remote source.
Recommendations
- AI detected serious security threats