plasmic-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The setup instructions require the user to add an external MCP server endpoint (https://rube.app/mcp). This source is not within the defined trusted organizations or repositories. Adding an external MCP server allows a remote entity to define the capabilities and logic available to the agent.
- [REMOTE_CODE_EXECUTION] (HIGH): The core workflow pattern relies on 'RUBE_SEARCH_TOOLS' to return 'recommended execution plans' and tool slugs. By instructing the agent to 'always search first' and follow these remote plans without local validation or hardcoded constraints, the skill effectively enables remote orchestration of the agent's behavior.
- [COMMAND_EXECUTION] (HIGH): The skill utilizes 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH' to perform actions. These tools provide the capability to execute complex operations (Bulk ops, tool execution) based on inputs fetched from the remote server.
- [INDIRECT_PROMPT_INJECTION] (HIGH):
  - Ingestion points: Data enters the agent context via 'RUBE_SEARCH_TOOLS' and 'RUBE_GET_TOOL_SCHEMAS' (SKILL.md).
  - Boundary markers: None. The agent is instructed to trust the search results for current schemas and plans.
  - Capability inventory: The agent can execute arbitrary tools via 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH' (SKILL.md).
  - Sanitization: No sanitization or validation of the remote schemas or execution plans is mentioned. The skill explicitly warns AGAINST hardcoding, which removes the only static safety check.
Recommendations
- AI detected serious security threats
Audit Metadata