junglescout-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill directs the agent to connect to a third-party MCP server at 'https://rube.app/mcp'. This domain is not included in the pre-approved trusted organizations list.
- REMOTE_CODE_EXECUTION (LOW): The skill facilitates remote tool execution through 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH'. While these are the primary functions of the skill, they rely on executable logic provided by a non-whitelisted remote service.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it retrieves and follows 'recommended execution plans' from the remote server. Evidence Chain: (1) Ingestion points: tool schemas and execution plans from 'RUBE_SEARCH_TOOLS'. (2) Boundary markers: Absent; instructions tell the agent to follow the search results. (3) Capability inventory: 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH'. (4) Sanitization: None; the agent is instructed to use discovered tool slugs and arguments directly.
Audit Metadata