pdfmonkey-automation
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the user to add an external MCP server from an untrusted domain: https://rube.app/mcp. This domain is not part of the trusted ecosystem, and adding remote MCP endpoints can expose the agent's context and capabilities to a third party.
- [INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill's core logic involves fetching tool schemas and 'recommended execution plans' from the remote `RUBE_SEARCH_TOOLS` endpoint. This external data directly influences the agent's actions.
  - Ingestion points: `RUBE_SEARCH_TOOLS` response body.
  - Boundary markers: Absent; the agent is instructed to use the returned schemas and plans directly.
  - Capability inventory: `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`, which can modify external Pdfmonkey data.
  - Sanitization: Absent; the skill explicitly advises using the exact field names and types returned by the remote search result.
- [COMMAND_EXECUTION] (LOW): The skill uses `RUBE_MULTI_EXECUTE_TOOL` to perform operations on Pdfmonkey. While limited to the scope of the Pdfmonkey API, it grants the agent the ability to execute side-effecting operations based on instructions from the untrusted MCP server.
Audit Metadata