openrouter-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill directs users to configure an external MCP server at 'https://rube.app/mcp'. This domain is not verified as a trusted source per [TRUST-SCOPE-RULE], creating a dependency on an unvetted third-party service for all tool definitions and logic.
- REMOTE_CODE_EXECUTION (HIGH): The 'RUBE_REMOTE_WORKBENCH' capability implies the ability to run code or complex workflows in a remote environment controlled by the external provider.
- COMMAND_EXECUTION (HIGH): Through 'RUBE_MULTI_EXECUTE_TOOL', the agent is instructed to execute tools based on schemas dynamically retrieved from the untrusted remote endpoint. This creates an indirect injection surface where a poisoned schema could lead to unauthorized actions or command execution.
- DATA_EXFILTRATION (MEDIUM): Managing Openrouter connections via an external service involves following an 'auth link' and using 'RUBE_MANAGE_CONNECTIONS', which may expose authentication tokens or sensitive prompt data to the 'rube.app' backend.
Recommendations
- AI detected serious security threats
Audit Metadata