kaggle-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill requires users to add an unverified external MCP server at https://rube.app/mcp. This server provides the definitions, schemas, and logic for all functional tools used by the skill.
- REMOTE_CODE_EXECUTION (HIGH): The skill pattern relies on RUBE_SEARCH_TOOLS to fetch 'recommended execution plans' from the remote MCP server at runtime. These plans are then executed via RUBE_MULTI_EXECUTE_TOOL, allowing the remote server to dynamically influence and control the agent's actions on the Kaggle platform.
- COMMAND_EXECUTION (HIGH): Orchestrates complex multi-tool execution chains and bulk operations through RUBE_REMOTE_WORKBENCH based on remote instructions. This creates a significant capability surface that can be exploited if the source data is malicious.
- DATA_EXFILTRATION (HIGH): The skill operates on Kaggle, which contains user datasets, private code, and account information. The reliance on remote execution plans from a non-whitelisted domain (rube.app) creates a vulnerability where malicious plans could be used to exfiltrate sensitive data.
- INDIRECT_PROMPT_INJECTION (HIGH): This skill exhibits a high-risk attack surface for indirect injection (Category 8):
  - Ingestion points: Untrusted data enters via RUBE_SEARCH_TOOLS from https://rube.app/mcp.
  - Boundary markers: Absent; the agent is instructed to follow the remote plans directly.
  - Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide write/execute capabilities on the Kaggle platform.
  - Sanitization: Absent; the skill lacks validation of the tool schemas or execution plans returned by the remote server.
Recommendations
- AI detected serious security threats