melo-automation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The setup instructions mandate adding an MCP server from https://rube.app/mcp. This domain is not a trusted source. MCP servers provide the tool logic and executable context for the agent, making this a high-risk external dependency.
- REMOTE_CODE_EXECUTION (HIGH): The skill utilizes RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL to perform operations defined by the remote MCP server. If the server provides malicious tool logic, it could lead to unauthorized actions or remote code execution on the connected platforms.
- COMMAND_EXECUTION (MEDIUM): The agent is instructed to execute tools based on schemas returned by RUBE_SEARCH_TOOLS. Maliciously crafted schemas from the untrusted server could lead to the execution of unintended or harmful commands.
- PROMPT_INJECTION (HIGH): This skill is highly vulnerable to Category 8 (Indirect Prompt Injection). It explicitly instructs the agent to fetch 'recommended execution plans' and 'tool schemas' from an external source (rube.app) and use them to define its workflow. This allows the external server to inject instructions that bypass the original intent or safety boundaries of the agent.
Recommendations
- AI detected serious security threats
Audit Metadata