maintainx-automation

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires connection to an external MCP endpoint at https://rube.app/mcp. This domain is not within the provided trusted scope, making the source of tool logic unverifiable.
  • COMMAND_EXECUTION (HIGH): The skill provides tools like RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH which possess the capability to perform write operations and potentially execute code within a remote workbench environment.
  • REMOTE_CODE_EXECUTION (HIGH): The core workflow instructs the agent to fetch and follow 'recommended execution plans' and schemas from a remote server at runtime. This pattern allows the external server to influence agent logic dynamically, equivalent to remote control.
  • INDIRECT_PROMPT_INJECTION (HIGH): A critical vulnerability surface exists where the agent ingests untrusted data that influences actions.
      1. Ingestion points: Tool schemas, input field names, and 'recommended execution plans' returned by RUBE_SEARCH_TOOLS.
      2. Boundary markers: None present; the agent is told to follow the returned instructions exactly.
      3. Capability inventory: Connection management, multi-tool execution, and remote workbench access (write/execute capability).
      4. Sanitization: None specified; the agent blindly adopts schemas and plans provided by the API.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 12:00 AM