more-trees-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill directs the user to connect to an external MCP server (https://rube.app/mcp), which acts as a remote dependency for the agent's operations.
- PROMPT_INJECTION (LOW): The skill architecture is vulnerable to indirect prompt injection. 1. Ingestion points: Tool schemas and recommended execution plans are retrieved dynamically from the remote endpoint via RUBE_SEARCH_TOOLS. 2. Boundary markers: No delimiters or instructions are used to ensure the agent ignores embedded commands in the fetched schemas. 3. Capability inventory: The skill provides access to high-privilege tools such as RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH for operation execution. 4. Sanitization: There is no logic provided to sanitize or validate the integrity of the remote tool definitions before they are processed by the agent.
Audit Metadata