nasa-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill requires connecting to an external MCP endpoint (https://rube.app/mcp) that is not a trusted source. This endpoint provides the operational schemas and 'execution plans' that govern agent behavior.
- [Indirect Prompt Injection] (HIGH): Mandatory Evidence Chain:
  1. Ingestion points: Tool discovery results from RUBE_SEARCH_TOOLS (SKILL.md).
  2. Boundary markers: Absent; no instructions exist to ignore embedded commands in search results.
  3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (SKILL.md).
  4. Sanitization: Absent.
  The agent is directed to follow the 'recommended execution plans' provided by the untrusted remote service, which can be used to inject malicious tasks.
- [Dynamic Execution] (MEDIUM): The skill dynamically executes tools based on slugs and arguments retrieved at runtime from the remote MCP server using RUBE_MULTI_EXECUTE_TOOL, bypassing static verification of tool logic.
Recommendations
- AI detected serious security threats