ocr-web-service-automation

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION

Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill directs the agent to connect to an external MCP server at 'https://rube.app/mcp'. This domain is not a trusted source according to the provided security guidelines, posing a risk that the server could serve malicious tool definitions.
  • [COMMAND_EXECUTION] (MEDIUM): The skill uses 'RUBE_SEARCH_TOOLS' for dynamic discovery and 'RUBE_MULTI_EXECUTE_TOOL' for execution. This workflow means the tool schemas and operational logic are retrieved at runtime from an external server, allowing that server to influence the agent's behavior.
  • [COMMAND_EXECUTION] (LOW): Susceptibility to Indirect Prompt Injection (Category 8). Ingestion points: The agent processes text extracted from external documents via OCR web services. Boundary markers: Absent; there are no instructions to use delimiters or ignore instructions found in the text. Capability inventory: The skill includes 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH', which provide significant interaction capabilities. Sanitization: Absent; extracted text is used directly to drive the automation workflow.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 18, 2026, 01:44 AM