hashnode-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill mandates fetching tool schemas and recommended execution plans from an external endpoint (rube.app) via RUBE_SEARCH_TOOLS. This untrusted data directly drives the agent's tool execution flow. * Ingestion point: RUBE_SEARCH_TOOLS response. * Capability inventory: RUBE_MULTI_EXECUTE_TOOL (execution of arbitrary tool slugs and arguments). * Boundary markers: None present. * Sanitization: None present.
- Unverifiable Dependencies & Remote Code Execution (HIGH): The skill requires the user to add an external, unverified MCP server endpoint (https://rube.app/mcp). This endpoint provides the logic, schemas, and instructions that control the agent's actions, effectively serving as remote code.
- Data Exposure & Exfiltration (LOW): The skill establishes communication with rube.app, a domain not present on the trusted whitelist, which could be used as a channel for data exposure during connection management or tool execution.
Recommendations
- AI detected serious security threats
Audit Metadata