pipeline-crm-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill requires the addition of an external MCP server at
https://rube.app/mcp. This domain is not a trusted source and acts as the central controller for the skill's logic. - PROMPT_INJECTION (HIGH): The skill exhibits a high vulnerability to Indirect Prompt Injection (Category 8). \n
- Ingestion points: Tool schemas and execution plans are retrieved from the remote
RUBE_SEARCH_TOOLSendpoint inSKILL.md.\n - Boundary markers: No delimiters or safety instructions are provided to help the agent distinguish between tool definitions and potentially malicious instructions embedded in the remote response.\n
- Capability inventory: The agent can use
RUBE_MULTI_EXECUTE_TOOLfor CRM write operations andRUBE_REMOTE_WORKBENCHfor remote code/tool execution.\n - Sanitization: There is no evidence of validation or sanitization of the data returned from the remote server.\n- REMOTE_CODE_EXECUTION (HIGH): Mentions
RUBE_REMOTE_WORKBENCH, which allows for the execution of tools and potentially arbitrary code in a remote environment managed by an untrusted third party. - COMMAND_EXECUTION (MEDIUM): The skill uses
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHto perform side-effect-heavy operations on Pipeline CRM based on dynamically fetched external configurations.
Recommendations
- AI detected serious security threats
Audit Metadata