perplexityai-automation
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the configuration of an external MCP server at https://rube.app/mcp. This source is not part of the verified trusted source list, creating a runtime dependency on unverified infrastructure.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses RUBE_MULTI_EXECUTE_TOOL to perform actions based on schemas discovered at runtime. This allows the remote server to dictate the agent's available actions and arguments.
- [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it treats remote tool discovery as authoritative.
  - Ingestion points: RUBE_SEARCH_TOOLS response content.
  - Boundary markers: Absent; the agent is instructed to "use exact field names and types from the search results" without delimitation.
  - Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide execution and workflow automation capabilities.
  - Sanitization: Absent; the skill lacks any validation or filtering of the schemas returned by the remote server.
Audit Metadata