humanitix-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to indirect prompt injection via Humanitix data and tool schemas.
  - Ingestion points: External data and tool definitions fetched via RUBE_SEARCH_TOOLS (SKILL.md).
  - Boundary markers: Absent. No markers or instructions provided to ignore or delimit embedded instructions in external content.
  - Capability inventory: High-privilege write capabilities via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (SKILL.md).
  - Sanitization: Absent. The skill explicitly directs the agent to follow the exact schemas and types returned from untrusted search results without validation.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the configuration of an external MCP server (https://rube.app/mcp). This source is not on the trusted whitelist and acts as a remote dependency for the skill's logic.
- [REMOTE_CODE_EXECUTION] (MEDIUM): Uses dynamic execution patterns where tool slugs and arguments are discovered and executed at runtime via RUBE_MULTI_EXECUTE_TOOL, allowing an external source to influence executed commands.
Recommendations
- AI detected serious security threats
Audit Metadata