linguapop-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill requires connection to a remote MCP server at 'https://rube.app/mcp'. This domain is not on the trusted sources list. While this is standard for MCP integrations, it introduces a dependency on external infrastructure.
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface (Category 8). The skill dynamically fetches tool schemas and execution plans via 'RUBE_SEARCH_TOOLS'.
  - Ingestion points: Untrusted data enters the agent context via tool discovery responses from the Rube MCP server.
  - Boundary markers: None identified; the skill instructions do not specify delimiters to separate tool schemas from instruction logic.
  - Capability inventory: The skill possesses significant capabilities including 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH', which can perform arbitrary actions defined by the toolkit.
  - Sanitization: No evidence of sanitization or validation of the fetched schemas before they are used to generate execution plans.
Audit Metadata