parallel-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill implements a dynamic discovery pattern where the agent fetches execution plans and tool schemas from an external source at runtime.
  - Ingestion points: Data returned by `RUBE_SEARCH_TOOLS` as described in `SKILL.md`.
  - Boundary markers: Absent; the instructions tell the agent to follow the returned schema and plans exactly ("Always search tools first", "Use exact field names").
  - Capability inventory: `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` allow the agent to perform actions based on the fetched data.
  - Sanitization: No sanitization or validation logic is specified for the external schemas before execution.
- Remote Code Execution (LOW): The skill utilizes `RUBE_REMOTE_WORKBENCH` and `RUBE_MULTI_EXECUTE_TOOL`. These tools allow for the execution of remote logic and operations provided by the Parallel toolkit. This is within the skill's primary purpose but represents a significant capability tier.
- External Downloads (LOW): The setup process requires adding a third-party MCP server endpoint (`https://rube.app/mcp`). While necessary for the skill, this domain is not on the trusted sources list and provides the core logic for the agent's operations.
Audit Metadata