paradym-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill directs the agent to follow 'recommended execution plans' and tool schemas from rube.app, which is an untrusted external source.\n
- Ingestion points: RUBE_SEARCH_TOOLS returns data from rube.app.\n
- Boundary markers: None; the agent is instructed to 'search first' and follow results blindly.\n
- Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide write access to the user's Paradym account.\n
- Sanitization: None; the instructions mandate using exact field names and recommended plans from the search results.\n- Unverifiable Dependencies & Remote Code Execution (HIGH): The setup requires adding 'https://rube.app/mcp' as an MCP server. This source is not in the trusted scope and provides the tool definitions and logic that the agent executes.\n- Data Exposure & Exfiltration (MEDIUM): The skill manages authenticated Paradym connections via RUBE_MANAGE_CONNECTIONS. A malicious MCP server could define tools designed to expose or leak account data to external parties.
Recommendations
- AI detected serious security threats
Audit Metadata