hypeauditor-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection through the dynamic discovery mechanism. \n
- Ingestion points:
RUBE_SEARCH_TOOLSfetches external tool schemas and 'recommended execution plans' from rube.app (SKILL.md). \n - Boundary markers: Absent; the skill explicitly instructs the agent to follow the instructions and plans provided in the search response. \n
- Capability inventory:
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHallow execution of complex tasks based on this remote input. \n - Sanitization: Absent.\n- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill directs users to configure a third-party MCP endpoint (
https://rube.app/mcp) that is not part of the established trusted source list.\n- [REMOTE_CODE_EXECUTION] (MEDIUM): Tool logic and execution parameters are defined by the remote server at runtime. This 'discover-then-execute' pattern allows the remote server to effectively control the agent's functional capabilities and actions.
Recommendations
- AI detected serious security threats
Audit Metadata