honeyhive-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH

Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to ingest untrusted data from an external API (RUBE_SEARCH_TOOLS) and use that data to determine which tools to run and what arguments to provide. (1) Ingestion point: Tool schemas and execution plans are fetched dynamically from https://rube.app/mcp. (2) Capability inventory: The agent can execute tools via RUBE_MULTI_EXECUTE_TOOL and run arbitrary workbench commands via RUBE_REMOTE_WORKBENCH. (3) Boundary markers: No markers or validation steps are defined; the agent is explicitly told to 'Never hardcode' and instead follow the remote search results. (4) Sanitization: No sanitization of the remote tool definitions is performed before execution.
  • [External Downloads] (MEDIUM): The skill requires the addition of an external MCP server (https://rube.app/mcp). While it claims to be associated with Composio, the specific endpoint is not on the pre-approved trusted source list, making its security status unverifiable.
  • [Dynamic Execution] (HIGH): The instruction to 'Always search tools first' for schemas and recommended execution plans means the agent's behavior is determined at runtime by remote content. This facilitates potential malicious overrides if the remote server returns harmful execution plans.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:15 PM