mboum-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill directs the user to add "https://rube.app/mcp" as an MCP server. This is an untrusted external source not included in the allowed trust scope.
  • REMOTE_CODE_EXECUTION (HIGH): The skill utilizes "RUBE_REMOTE_WORKBENCH" and "RUBE_MULTI_EXECUTE_TOOL" to execute actions defined by the external Rube service, allowing for remote logic execution.
  • COMMAND_EXECUTION (MEDIUM): The "run_composio_tool()" function allows for execution of tools with potential side effects on external accounts.
  • PROMPT_INJECTION (HIGH): High risk of Indirect Prompt Injection (Category 8) because the agent is instructed to follow "execution plans" and schemas returned by "RUBE_SEARCH_TOOLS" without validation or sanitization.
    1. Ingestion points: RUBE_SEARCH_TOOLS output.
    2. Boundary markers: None; the skill explicitly directs the agent to follow the returned plans.
    3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH, RUBE_MANAGE_CONNECTIONS.
    4. Sanitization: None.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:46 PM