griptape-automation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The core workflow (Step 1 to Step 3) creates a high-severity injection surface. The agent is instructed to call
RUBE_SEARCH_TOOLSand then use the resulting schemas to drive execution viaRUBE_MULTI_EXECUTE_TOOL. Any malicious or poisoned data returned by the search tool would be followed by the agent. - Ingestion points: Data returned from
RUBE_SEARCH_TOOLS(external server response). - Boundary markers: Absent; instructions explicitly command the agent to use 'exact field names and types from the search results.'
- Capability inventory:
RUBE_MULTI_EXECUTE_TOOLprovides a direct execution path for tools defined by the external source. - Sanitization: Absent; there is no logic to validate or filter the remote tool schemas before use.
- Remote Code Execution (HIGH): The skill requires the addition of an external, non-trusted MCP server (
https://rube.app/mcp). This server defines the capabilities and logic available to the agent, effectively allowing remote control over the agent's available actions. - Data Exposure (MEDIUM): The use of a third-party gateway to manage 'Griptape' connections implies that sensitive task data and potentially authentication tokens are processed by an external service provider (
rube.app), which is not listed as a trusted source.
Recommendations
- AI detected serious security threats
Audit Metadata