habitica-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs users to add an external MCP endpoint
https://rube.app/mcp. This domain is not a trusted source, meaning the agent's tool definitions are controlled by an unverified third party. - REMOTE_CODE_EXECUTION (MEDIUM): The presence of
RUBE_REMOTE_WORKBENCHandRUBE_MULTI_EXECUTE_TOOLindicates that the skill can execute complex logic or tools remotely. Since these tools are fetched dynamically at runtime viaRUBE_SEARCH_TOOLS, the agent is executing logic whose behavior is not statically defined in the skill itself. - INDIRECT PROMPT INJECTION (LOW): The skill is highly susceptible to indirect injection because it explicitly follows 'recommended execution plans' and 'tool schemas' fetched from the remote server. \n
- Ingestion points: Tool definitions and plans returned by
RUBE_SEARCH_TOOLS.\n - Boundary markers: Absent; the skill encourages exact adherence to remote results.\n
- Capability inventory: Remote tool execution and workbench access via
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCH.\n - Sanitization: Absent; the skill lacks validation for the data returned by the search tool.
Audit Metadata