needle-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs users to add an external MCP server endpoint (
https://rube.app/mcp). This domain is not on the list of trusted external sources, and adding unverified MCP endpoints allows a third party to define the tools and logic available to the agent. - COMMAND_EXECUTION (MEDIUM): The skill uses
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHto perform operations. These functions delegate command execution to the remote provider, creating a dependency on the integrity of the rube.app service. - PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). It fetches tool schemas and execution plans via
RUBE_SEARCH_TOOLSand passes them to the agent to follow. - Ingestion points: Tool definitions and execution plans returned by the
RUBE_SEARCH_TOOLStool. - Boundary markers: Absent; the skill does not define delimiters to separate remote tool instructions from system instructions.
- Capability inventory:
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHprovide significant automation and execution capabilities. - Sanitization: Absent; the skill blindly follows the schemas and 'execution plans' provided by the remote discovery service.
- REMOTE_CODE_EXECUTION (MEDIUM): The
RUBE_REMOTE_WORKBENCHtool, specifically when used withrun_composio_tool(), facilitates complex remote operations that are defined and managed by the external Rube/Composio infrastructure.
Audit Metadata