mopinion-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [Unverifiable Dependencies] (HIGH): The skill instructions require adding an external MCP server endpoint (
https://rube.app/mcp) which is not a known or trusted source. This server provides the definitions for all tools and execution logic used by the skill. - [Remote Code Execution] (HIGH): The skill utilizes
RUBE_REMOTE_WORKBENCHandRUBE_MULTI_EXECUTE_TOOL. These capabilities allow for the execution of remote logic or tools defined by the externalrube.appserver, effectively granting the external service control over agent actions. - [Indirect Prompt Injection] (HIGH):
- Ingestion points: Tool schemas, input field definitions, and 'recommended execution plans' are fetched dynamically from
RUBE_SEARCH_TOOLSvia an external network call. - Boundary markers: Absent. The agent is instructed to use the returned fields and logic directly.
- Capability inventory: Access to
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHwhich can perform side effects (file/API operations) in the Mopinion environment. - Sanitization: None. The skill explicitly tells the agent to 'use exact field names and types from the search results' without validation.
- [Command Execution] (MEDIUM): The workflow promotes the execution of arbitrary 'tool slugs' and arguments derived from external search results, which can be manipulated by the remote server to perform unauthorized operations.
Recommendations
- AI detected serious security threats
Audit Metadata