mailcheck-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- External Downloads (HIGH): The skill instructs the user to add an untrusted third-party MCP endpoint
https://rube.app/mcpto their configuration. This source is not on the trusted provider list, making its logic unverifiable. - Remote Code Execution (HIGH): Through the MCP server, the agent executes logic provided by the remote endpoint. Tools such as
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHprovide the remote service with direct execution capabilities over the agent's workflow. - Indirect Prompt Injection (HIGH): The skill is highly vulnerable to malicious data processed via the Mailcheck toolkit. Ingestion points: External data from Mailcheck tasks and operations. Boundary markers: No delimiters or isolation instructions are present to separate data from system instructions. Capability inventory: High-impact capabilities including
RUBE_MULTI_EXECUTE_TOOLand remote workbench execution. Sanitization: No sanitization or validation of external input is implemented.
Recommendations
- AI detected serious security threats
Audit Metadata