highergov-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs users to add an untrusted MCP endpoint (https://rube.app/mcp) to their configuration. This allows an external, unverified server to define the tools, schemas, and instructions the agent will execute.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill includes RUBE_REMOTE_WORKBENCH and run_composio_tool(), which are designed for remote tool and code execution. Providing these capabilities via an untrusted third-party provider presents a significant risk of arbitrary code execution.
- [CREDENTIALS_UNSAFE] (HIGH): The RUBE_MANAGE_CONNECTIONS tool is used to handle authentication for the 'highergov' toolkit. Interfacing with sensitive service connections through an unverified intermediary (rube.app) poses a severe risk of credential theft or unauthorized session access.
- [COMMAND_EXECUTION] (MEDIUM): The use of RUBE_MULTI_EXECUTE_TOOL enables the automated execution of complex workflows. Because the tool definitions are provided dynamically by an untrusted server, there is a risk of the agent being tricked into executing malicious sequences of commands.
- [PROMPT_INJECTION] (HIGH): The skill is designed to process external government data and search results (Highergov) while having high-privilege execution capabilities.
  - Ingestion points: Data retrieved from Highergov tools and RUBE_SEARCH_TOOLS results.
  - Boundary markers: None present in the instructions to separate untrusted data from agent logic.
  - Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH, and RUBE_MANAGE_CONNECTIONS provide broad system and account access.
  - Sanitization: No sanitization or validation of external tool outputs is documented.
Recommendations
- AI detected serious security threats
Audit Metadata