pdf-co-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [Unverifiable Dependencies] (HIGH): The skill directs users to add a remote MCP server from
https://rube.app/mcp. This source is not on the trusted list, meaning the agent relies on unverified remote tool definitions and logic. - [Indirect Prompt Injection] (HIGH): The skill is designed to process external PDF documents using the
pdf_cotoolkit. These documents are untrusted data sources that can contain malicious instructions. Evidence Chain: 1. Ingestion points: Data processed via PDF.co operations (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory:RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCH. 4. Sanitization: None described. - [Dynamic Execution] (MEDIUM): The workflow relies on
RUBE_SEARCH_TOOLSto dynamically retrieve tool schemas and execution plans at runtime, which are then passed toRUBE_MULTI_EXECUTE_TOOL. This creates a dependency on the integrity of the remote MCP server's responses.
Recommendations
- AI detected serious security threats
Audit Metadata