keen-io-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The setup instructions direct users to add 'https://rube.app/mcp' as an MCP server. As this domain is not within the trusted scope, it constitutes an untrusted external dependency that provides the logic for the agent's tools.
- COMMAND_EXECUTION (MEDIUM): Through 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH', the skill enables execution of operations defined by a remote source. This dynamic behavior can be exploited if the remote server returns malicious tool configurations.
- INDIRECT_PROMPT_INJECTION (LOW): The skill demonstrates an indirect injection surface.
  1. Ingestion points: Tool schemas and execution plans fetched from 'RUBE_SEARCH_TOOLS'.
  2. Boundary markers: Absent; the agent is instructed to follow the schemas and execution plans directly.
  3. Capability inventory: Includes tool execution via 'RUBE_MULTI_EXECUTE_TOOL' and remote operations via 'RUBE_REMOTE_WORKBENCH'.
  4. Sanitization: Absent; no validation or escaping of the remote schemas is described.
Audit Metadata