keap-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill requires the user to add an untrusted external MCP server at 'https://rube.app/mcp'. This server provides the tool definitions and logic, posing a supply chain risk.
- REMOTE_CODE_EXECUTION (HIGH): Through tools like 'RUBE_REMOTE_WORKBENCH' and 'RUBE_MULTI_EXECUTE_TOOL', the agent executes logic and orchestration plans dynamically generated by the remote MCP server.
- COMMAND_EXECUTION (HIGH): The skill facilitates executing complex CRM operations using tool slugs and arguments provided at runtime by an external source.
- PROMPT_INJECTION (HIGH): This skill has a significant Indirect Prompt Injection surface. 1. Ingestion points: Tool search results, schemas, and execution plans from 'RUBE_SEARCH_TOOLS' (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: CRM data modification, tool execution, and connection management. 4. Sanitization: Absent. The agent is instructed to follow the remote server's output without validation.
Recommendations
- AI detected serious security threats
Audit Metadata