ipdata-co-automation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates a significant attack surface by consuming external data and schemas from the Ipdata.co API and the Rube MCP server. These outputs are used to drive the
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHfunctions. - Ingestion Points: Data enters the agent context via
RUBE_SEARCH_TOOLS(tool schemas) and the output of executed Ipdata tools. - Capability Inventory: The skill has broad tool execution capabilities (
RUBE_MULTI_EXECUTE_TOOL) and remote workbench access (RUBE_REMOTE_WORKBENCH). - Boundary Markers: None identified in the provided markdown; instructions do not explicitly warn the agent to ignore instructions embedded in the IP data or tool schemas.
- Sanitization: No evidence of sanitization or schema validation is present in the skill definition.
- Remote Code Execution / External Downloads (HIGH): The setup instructions require the user to add
https://rube.app/mcpas an MCP server. This endpoint is not a trusted source according to the security framework. This server dynamically provides tool definitions and execution logic to the agent, effectively serving as a remote execution vector. - Command Execution (MEDIUM): The use of
RUBE_REMOTE_WORKBENCHwithrun_composio_tool()allows for complex, potentially dangerous operations that are abstracted behind the MCP interface, reducing transparency into what commands are actually being executed.
Recommendations
- AI detected serious security threats
Audit Metadata