pdf-api-io-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill relies on an external MCP server at https://rube.app/mcp to function.
- COMMAND_EXECUTION (LOW): Uses RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to execute tasks based on schemas fetched at runtime.
- PROMPT_INJECTION (LOW): Identified an Indirect Prompt Injection surface (Category 8).
  - Ingestion points: Dynamic tool schemas and plans from RUBE_SEARCH_TOOLS.
  - Boundary markers: None present to delimit tool metadata from instructions.
  - Capability inventory: PDF manipulation and remote tool execution.
  - Sanitization: No explicit validation of metadata provided.
Audit Metadata