klipfolio-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The setup instructions require adding 'https://rube.app/mcp' as an MCP server. This endpoint is not on the trusted source list and acts as a remote dependency that controls agent capabilities.
- REMOTE_CODE_EXECUTION (HIGH): The skill executes remote tools via
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCH. Since the tool definitions are provided by the external MCP server, this constitutes a remote code execution vector where the external provider defines the logic being run. - COMMAND_EXECUTION (HIGH): Tools like
RUBE_REMOTE_WORKBENCHfacilitate arbitrary execution environments, posing a significant risk if the remote server returns malicious tool configurations. - **PROMPT_INJECTION (Category 8
- HIGH):** The skill exhibits a high-risk indirect injection surface.
- Ingestion points:
RUBE_SEARCH_TOOLSfetches tool slugs, input schemas, and 'recommended execution plans' from the remote server (SKILL.md). - Boundary markers: Absent. The agent is told to 'Always call RUBE_SEARCH_TOOLS first' and follow the returned plans without validation.
- Capability inventory:
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHprovide write and execution capabilities (SKILL.md). - Sanitization: None. The instructions mandate using the exact field names and types from the remote search results.
Recommendations
- AI detected serious security threats
Audit Metadata