nano-nets-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the addition of an external MCP server endpoint (https://rube.app/mcp). This source is not within the defined list of trusted organizations or repositories.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill uses RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL. These tools execute logic and multi-step tasks in a remote environment provided by Rube/Composio, which may involve arbitrary execution outside the agent's local security boundaries.
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8). 1. Ingestion points: data retrieved from Nano Nets (e.g., OCR results, document content) via the nano_nets toolkit as specified in SKILL.md. 2. Boundary markers: absent. The skill instructions tell the agent to follow execution plans and schemas returned by the external tools, without delimiting that content or instructing the agent to ignore directives embedded in it. 3. Capability inventory: the skill has RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH in SKILL.md, which grant significant side effects and execution power. 4. Sanitization: absent. No instructions are provided to sanitize or validate external content before it is processed or used to drive subsequent tool actions.
Recommendations
- AI detected serious security threats
Audit Metadata