pingdom-automation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (flagged: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill instructions require the use of an external MCP server endpoint (https://rube.app/mcp). This domain is not among the trusted sources, and the agent depends on it for all functional tool definitions.
  • COMMAND_EXECUTION (MEDIUM): The use of RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL facilitates the execution of operations defined by the remote server. This creates a potential path for remote command execution if the server provides malicious tool logic or schemas.
  • DYNAMIC_EXECUTION (MEDIUM): The workflow requires the agent to fetch tool schemas and recommended execution plans dynamically via RUBE_SEARCH_TOOLS. This behavior allows the external server to influence the agent's logic at runtime, potentially leading to the execution of unintended actions.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted data (tool schemas and execution plans) from the Rube MCP server.
      1. Ingestion point: RUBE_SEARCH_TOOLS output.
      2. Boundary markers: Absent.
      3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH.
      4. Sanitization: Absent.
    This is a surface for indirect prompt injection where a third party could manipulate the agent's decision-making process.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:43 PM