lodgify-automation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill requires registering an external MCP server at 'https://rube.app/mcp'. This server is not on the trusted sources list and acts as a remote dependency that defines the skill's operational capabilities and logic.
- [COMMAND_EXECUTION] (HIGH): The skill utilizes 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH' to perform tasks. Because the tools and their schemas are discovered dynamically at runtime via the 'RUBE_SEARCH_TOOLS' call to the remote server, the agent is susceptible to executing arbitrary operations defined by the external service.
- [INDIRECT_PROMPT_INJECTION] (HIGH):
  - Ingestion points: Dynamic tool schemas and execution plans returned by 'RUBE_SEARCH_TOOLS' in SKILL.md.
  - Boundary markers: Absent. The skill provides no instructions to isolate or validate the remote tool definitions.
  - Capability inventory: Tools include 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_MANAGE_CONNECTIONS', which can access and modify sensitive data in a Lodgify account.
  - Sanitization: Absent. The agent is instructed to use the exact field names and types provided by the search results without verification.
  - Assessment: A malicious or compromised response from the 'rube.app' service could inject instructions via schema fields to redirect data or perform unauthorized bookings.
Recommendations
- AI detected serious security threats
Audit Metadata