ncscale-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the user to configure an unverified external MCP server located at https://rube.app/mcp. This domain is not included in the trusted external source list, making it an unverified remote dependency.
- [PROMPT_INJECTION] (HIGH): This skill is highly susceptible to indirect prompt injection via the RUBE_SEARCH_TOOLS mechanism.
  - Ingestion points: The agent is instructed to fetch tool slugs, schemas, and 'recommended execution plans' from the untrusted remote server.
  - Boundary markers: Absent. There are no instructions to validate the results or to ignore potentially malicious behavioral instructions embedded in the search results.
  - Capability inventory: The agent has access to RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, enabling external operations and potential code execution.
  - Sanitization: Absent. The agent is explicitly told to use the 'exact field names' and 'execution plans' provided by the remote server.
- [COMMAND_EXECUTION] (HIGH): By delegating tool discovery and execution planning to an untrusted remote service, the agent effectively grants that service the power to command the agent's actions and execute arbitrary tools with arbitrary arguments.
- [REMOTE_CODE_EXECUTION] (HIGH): The inclusion of RUBE_REMOTE_WORKBENCH and run_composio_tool() suggests that the remote MCP server can orchestrate complex operations, including potential script execution in the agent's environment.
Recommendations
- AI detected serious security threats