googlesuper-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [Remote Code Execution] (MEDIUM): The skill instructs the agent to connect to an external MCP server at https://rube.app/mcp and use RUBE_REMOTE_WORKBENCH. Since this domain is not on the list of Trusted External Sources, this is an unverifiable remote execution environment.
- [Indirect Prompt Injection] (LOW): The skill has a high vulnerability surface because it processes data from Google Super tools (admin logs, emails, documents) which can contain malicious instructions. 1. Ingestion points: Outputs from Google Super tool executions. 2. Boundary markers: Absent in the provided workflow. 3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide significant write and execution capabilities. 4. Sanitization: Absent; the agent relies on dynamic schemas provided by the remote server.
Audit Metadata