mapulus-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the user to add an external MCP server endpoint (https://rube.app/mcp). This domain is not on the Trusted External Sources list. Connecting to unverified third-party endpoints can lead to the ingestion of malicious tool definitions or instructions.
- REMOTE_CODE_EXECUTION (MEDIUM): The skill utilizes RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL, which allow for the execution of arbitrary tools and logic on a remote infrastructure (Composio/Rube). This shifts the security boundary to an external provider.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it dynamically fetches tool schemas and 'recommended execution plans' from the remote server via RUBE_SEARCH_TOOLS.
  - Ingestion points: Tool discovery responses from the rube.app endpoint.
  - Boundary markers: Absent. The skill does not provide delimiters or instructions to ignore embedded commands within the fetched schemas.
  - Capability inventory: The skill has access to remote execution tools (RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH) which can perform complex operations.
  - Sanitization: None. The agent is encouraged to follow 'recommended execution plans' provided by the remote server without verification.
Audit Metadata