jumpcloud-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • External Downloads (HIGH): The skill instructs users to add https://rube.app/mcp as an MCP server. This is an untrusted external source that provides the functional logic for the skill. There is no verification of the safety or integrity of the tools provided by this endpoint.
  • Remote Code Execution (HIGH): The use of RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH enables the execution of tools hosted on the remote server. Because these tools manage Jumpcloud (identity and access management), malicious tool definitions could lead to unauthorized account creation, privilege escalation, or data theft within the Jumpcloud environment.
  • Indirect Prompt Injection (HIGH): This skill has a high vulnerability to indirect injection from its primary data source.
      • Ingestion points: Data enters the agent via RUBE_SEARCH_TOOLS, which provides tool slugs, input schemas, and "recommended execution plans."
      • Boundary markers: None. The agent is told to trust and follow the search results explicitly.
      • Capability inventory: The skill possesses high-privilege capabilities including connection management (RUBE_MANAGE_CONNECTIONS) and arbitrary tool execution (RUBE_MULTI_EXECUTE_TOOL) on the Jumpcloud platform.
      • Sanitization: None. The instructions require following the external schema exactly.
  • Privilege Escalation (HIGH): Automating Jumpcloud involves managing users, groups, and systems. Entrusting these administrative tasks to an unverified third-party intermediary (rube.app) presents a significant risk of privilege abuse.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:56 PM