hookdeck-automation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (LOW): The skill contains a surface for Indirect Prompt Injection. It is designed to dynamically ingest tool schemas and execution plans from the RUBE_SEARCH_TOOLS tool at runtime.
      • Ingestion points: External data enters the context via the output of RUBE_SEARCH_TOOLS (file: SKILL.md).
      • Boundary markers: Absent. There are no instructions to the agent to treat retrieved tool schemas as untrusted or to ignore embedded instructions within them.
      • Capability inventory: The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, which provide the capability to execute operations and manage connections.
      • Sanitization: No sanitization or validation of the remote schemas is performed by the skill logic.
  • EXTERNAL_DOWNLOADS (LOW): The skill directs users to configure an external MCP server endpoint (https://rube.app/mcp). This domain is not listed in the Trusted External Sources. Although this is a configuration step rather than an automated script execution (like curl | bash), it establishes a dependency on an untrusted remote service for the skill's core functionality.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:44 PM