imgix-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (HIGH): The skill requires connecting to an external MCP endpoint at https://rube.app/mcp. This domain is not on the trusted list, meaning the agent is delegating tool definitions and execution logic to an unverified third party.
- Indirect Prompt Injection (HIGH): The skill facilitates a high-risk indirect prompt injection surface.
  - Ingestion points: Data enters the agent context through tools interacting with the Imgix API (e.g., image metadata, asset descriptions).
  - Boundary markers: The skill documentation lacks instructions for implementing delimiters or security boundaries to separate untrusted Imgix content from agent instructions.
  - Capability inventory: The skill uses RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, providing the agent with write and execution capabilities that could be abused if malicious instructions are found in Imgix data.
  - Sanitization: There is no evidence of sanitization or strict schema validation to prevent external content from influencing the agent's behavior.
- Dynamic Execution (MEDIUM): The use of RUBE_REMOTE_WORKBENCH with run_composio_tool() implies the ability to dynamically load and execute tool logic at runtime from a remote source.
Recommendations
- AI detected serious security threats
Audit Metadata