moxie-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill instructs the agent to connect to https://rube.app/mcp, which is a non-whitelisted external domain. This interaction involves transmitting session identifiers and operational metadata to a third-party service.
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill relies on a remote MCP server (https://rube.app/mcp) for tool definitions and schemas. As the source is not a verified trusted organization, the code and schemas provided by this server are unverifiable.
- [Indirect Prompt Injection] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its reliance on unvalidated instructions retrieved from the remote MCP server.
- Ingestion points: Tool slugs, input schemas, recommended execution plans, and known pitfalls retrieved via the RUBE_SEARCH_TOOLS operation.
- Boundary markers: Absent. The instructions do not define delimiters or warn the agent to ignore instructions embedded in the search results.
- Capability inventory: The skill uses RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, which grant the ability to execute complex operations in the Moxie environment.
- Sanitization: Absent. The agent is directed to use field names, types, and execution plans directly from the remote response without further validation.
Audit Metadata