nasdaq-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect prompt injection because it commands the agent to dynamically fetch its execution plans and tool schemas from an external source. Ingestion point: RUBE_SEARCH_TOOLS response from rube.app. Boundary markers: none present; the instructions tell the agent to 'Always search tools first' and follow the results. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide the ability to execute remote actions. Sanitization: none; the agent is explicitly told to use 'exact field names' from the untrusted search results.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill enables the execution of remote functions defined by a third-party server (rube.app) using tools like RUBE_MULTI_EXECUTE_TOOL. Since the server is not a trusted source, it can define and trigger malicious tool executions.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The setup process requires adding a third-party MCP endpoint (https://rube.app/mcp) which is not within the analyzer's defined trusted scope, facilitating the retrieval of untrusted logic.
Recommendations
- AI detected serious security threats
Audit Metadata