langbase-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill instructs the user to add an external MCP server (https://rube.app/mcp). While necessary for the skill's function, this domain is not on the list of trusted external sources.
- PROMPT_INJECTION (LOW): The skill relies on external tool discovery which creates a surface for indirect prompt injection. 1. Ingestion points: The agent consumes 'recommended execution plans' and schemas from the RUBE_SEARCH_TOOLS response. 2. Boundary markers: No delimiters or ignore-instructions warnings are present in the core workflow instructions. 3. Capability inventory: The skill uses RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, allowing for complex external operations. 4. Sanitization: There is no evidence of sanitization or verification for the instructions returned by the remote discovery service.
Audit Metadata