heyreach-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill requires connecting to a remote MCP endpoint at 'https://rube.app/mcp'. This server is not a trusted source, and it can register tools with arbitrary functionality in the agent's environment.
- REMOTE_CODE_EXECUTION (HIGH): By instructing the agent to follow the 'recommended execution plans' returned by the 'RUBE_SEARCH_TOOLS' tool, the skill lets a remote server dictate sequences of actions and logic, which amounts to executing remote instructions.
- COMMAND_EXECUTION (HIGH): The skill provides tools for executing account-level operations ('RUBE_MULTI_EXECUTE_TOOL') and bulk tasks ('RUBE_REMOTE_WORKBENCH'), granting significant control over external accounts based on instructions from the remote MCP server.
- PROMPT_INJECTION (HIGH): The reliance on external tool schemas and execution plans creates a significant surface for indirect prompt injection. A malicious response from the 'rube.app' API can inject instructions to manipulate the agent's behavior.
- Ingestion points: 'RUBE_SEARCH_TOOLS' response content.
- Boundary markers: Absent.
- Capability inventory: Includes 'RUBE_MULTI_EXECUTE_TOOL', 'RUBE_REMOTE_WORKBENCH', and account-level automation.
- Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata