parsera-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires connecting to an untrusted external MCP server at https://rube.app/mcp. This server is not on the predefined list of trusted organizations or repositories.
- REMOTE_CODE_EXECUTION (HIGH): The core workflow relies on RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to execute tools. The specific tools, their slugs, and their input schemas are fetched dynamically from the remote MCP server at runtime. This allows the remote server to dictate which code or tools the agent executes.
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection. Evidence: 1. Ingestion point: RUBE_SEARCH_TOOLS fetches 'recommended execution plans' and 'known pitfalls' from the external server. 2. Boundary markers: Absent; instructions tell the agent to 'Always search tools first' and follow the 'exact field names'. 3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL can execute arbitrary Parsera or Composio tools. 4. Sanitization: Absent; the agent is directed to trust and follow the schemas provided by the remote endpoint.
Recommendations
- AI detected serious security threats
Audit Metadata