pdfless-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill directs users to add an external MCP server endpoint (https://rube.app/mcp). This domain is not categorized as a trusted source, and connecting to third-party endpoints involves trusting the remote provider's code and infrastructure.
- [PROMPT_INJECTION] (LOW): Detected surface for Indirect Prompt Injection (Category 8). The skill's architecture relies on the agent fetching and executing instructions from a remote source.
  * Ingestion points: Data enters the agent's context through results from RUBE_SEARCH_TOOLS.
  * Boundary markers: Absent; there are no instructions to delimit or verify the content of the fetched tool schemas or execution plans.
  * Capability inventory: Includes powerful tools like RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, which can execute complex workflows based on remote input.
  * Sanitization: Absent; instructions encourage the agent to strictly follow the schemas and parameters provided by the remote server.
Audit Metadata