microsoft-tenant-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs users to add an untrusted external MCP server endpoint (https://rube.app/mcp) which is not within the defined trust scope.
- [REMOTE_CODE_EXECUTION] (HIGH): The tools RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL facilitate the execution of logic and workflows defined by the remote MCP server.
- [COMMAND_EXECUTION] (HIGH): The skill automates administrative tasks on Microsoft Tenants; unauthorized execution of these tools could lead to total tenant compromise.
- [PROMPT_INJECTION] (HIGH): Vulnerable to Category 8 (Indirect Prompt Injection) as it relies on external content to drive logic. Ingestion points: Tool definitions and execution plans retrieved from RUBE_SEARCH_TOOLS. Boundary markers: None present; the skill explicitly directs the agent to follow the remote source's schemas and plans. Capability inventory: High-privilege tenant modification via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH. Sanitization: No validation or filtering of remote tool schemas or execution plans is performed.
Recommendations
- AI detected serious security threats
Audit Metadata