hystruct-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the addition of an unverified external MCP server endpoint (https://rube.app/mcp) to the agent's configuration. This domain is not recognized as a trusted source.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill includes instructions for using RUBE_REMOTE_WORKBENCH with run_composio_tool(). This allows the remote service to execute complex operations and logic within the agent's environment, effectively granting remote execution capabilities to the unverified provider.
- [COMMAND_EXECUTION] (HIGH): Implements RUBE_MULTI_EXECUTE_TOOL, which dynamically executes tools based on slugs and schemas returned by the external service. This provides a direct path for executing arbitrary actions defined by the remote endpoint.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: Data entering the agent context via RUBE_SEARCH_TOOLS and tool outputs from the Hystruct integration.
  - Boundary markers: Absent. The skill provides no instructions to the agent to treat external tool definitions or outputs as untrusted.
  - Capability inventory: Significant write and execute capabilities including RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH.
  - Sanitization: Absent. The skill explicitly instructs the agent to follow the "recommended execution plans" provided by the external search results without validation.
- [DATA_EXPOSURE] (MEDIUM): Use of RUBE_MANAGE_CONNECTIONS involves handling authentication links and potentially sensitive connection statuses (ACTIVE/INACTIVE) for external toolkits.
Recommendations
- AI detected serious security threats
Audit Metadata