The Agent Skills Directory

EXTERNAL_DOWNLOADS (MEDIUM): The skill requires connecting to an external MCP server at https://rube.app/mcp, which is not a trusted source. This creates a dependency on an unverified third-party service for core functionality.
REMOTE_CODE_EXECUTION (HIGH): The use of RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL allows the agent to perform complex operations based on logic provided by the remote server. If the server is compromised, it could execute malicious tool chains on the user's behalf.
COMMAND_EXECUTION (MEDIUM): Tool execution parameters and slugs are retrieved dynamically via RUBE_SEARCH_TOOLS. This allows a remote attacker to manipulate which tools are executed and with what arguments.
PROMPT_INJECTION (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8). (1) Ingestion points: Tool definitions and 'recommended execution plans' enter the agent context from https://rube.app/mcp. (2) Boundary markers: No delimiters or instructions are used to separate remote content from the agent's core instructions. (3) Capability inventory: The skill can execute tools, manage connections, and use a remote workbench, providing high-impact capabilities to potentially malicious remote data. (4) Sanitization: No validation or filtering is performed on the data returned by the discovery tools.

jigsawstack-automation