oncehub-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill directs the agent to connect to an external MCP server at 'https://rube.app/mcp'. This domain is not included in the pre-defined Trusted External Sources list, representing a dependency on an external third-party service.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it fetches and acts upon data from an external source. Ingestion points: Tool schemas and execution plans returned by 'RUBE_SEARCH_TOOLS'. Boundary markers: Absent; the instructions do not provide delimiters to separate tool data from instructions. Capability inventory: High-impact capabilities including 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH' are used to execute actions based on fetched data. Sanitization: Absent; the instructions mandate using exact fields from search results without validation.
Audit Metadata