owl-protocol-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill references an external MCP endpoint at https://rube.app/mcp. While necessary for the skill's functionality, this domain is not on the trusted sources list and acts as a remote dependency for extending agent capabilities.
- COMMAND_EXECUTION (LOW): The skill instructs the agent to use RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to perform operations. These tools execute logic based on parameters and schemas retrieved at runtime.
- Indirect Prompt Injection (LOW): The workflow relies on ingesting external data (tool schemas and execution plans) which could be used to influence agent behavior if the source is compromised.
  - Ingestion points: Data returned by the RUBE_SEARCH_TOOLS function as described in SKILL.md.
  - Boundary markers: Absent; the instructions do not define delimiters or provide 'ignore embedded instructions' warnings for the fetched tool metadata.
  - Capability inventory: The skill possesses the ability to execute complex operations via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (SKILL.md).
  - Sanitization: Absent; the skill does not outline any validation or sanitization steps for the dynamically retrieved tool definitions.
Audit Metadata