mocean-automation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs users to add an untrusted external MCP server (https://rube.app/mcp). This domain is not part of the Trusted Source whitelist, posing a supply-chain risk where the server could deliver malicious tool definitions.
- [REMOTE_CODE_EXECUTION] (HIGH): By relying on RUBE_SEARCH_TOOLS to fetch tool slugs and execution plans at runtime, the skill allows a remote server to define the logic and parameters the agent will execute. This is a form of remote control over the agent's actions.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill is designed to process data from Mocean (an external communications platform) and feed it into automation tools.
  - Ingestion points: Data retrieved from Mocean tools and search results from RUBE_SEARCH_TOOLS.
  - Boundary markers: None. Instructions lack delimiters to separate data from commands.
  - Capability inventory: Includes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, which can perform side-effect-heavy operations (sending messages, modifying account state).
  - Sanitization: No sanitization or validation of the external content is described before it is used to determine tool arguments.
- [DYNAMIC_EXECUTION] (MEDIUM): The skill uses a workflow where tool slugs and input schemas are never hardcoded but are discovered and loaded at runtime. This lack of static definition makes it difficult to audit the exact actions the skill will perform.
Recommendations
- AI detected serious security threats
Audit Metadata