graphhopper-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is explicitly designed to ingest and follow 'recommended execution plans' and tool schemas from a remote API (RUBE_SEARCH_TOOLS). * Ingestion points: Data returned from RUBE_SEARCH_TOOLS at runtime. * Boundary markers: Absent. The instructions command the agent to follow the returned schemas and plans exactly. * Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH allow execution of arbitrary tool slugs with arbitrary arguments. * Sanitization: None. The agent is encouraged to use exact field names and types from the search results.
- Remote Code Execution (HIGH): The skill facilitates the execution of tools whose logic and parameters are controlled by a remote server (https://rube.app/mcp) via the RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH commands.
- External Downloads (MEDIUM): Requires the addition of an external, non-whitelisted MCP server endpoint (https://rube.app/mcp) which is not within the defined trust scope.
Recommendations
- AI detected serious security threats
Audit Metadata