plisio-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): Requires connection to an untrusted external MCP server at https://rube.app/mcp. This server is not on the trusted sources list and acts as a central intermediary for all toolkit operations.
- REMOTE_CODE_EXECUTION (HIGH): Utilizes RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL, which allow for remote execution of tasks and tools via the external MCP provider.
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It mandates calling RUBE_SEARCH_TOOLS to retrieve "recommended execution plans." Because the agent is instructed to follow these plans to execute Plisio operations (financial transactions), an adversary controlling the rube.app server could inject malicious instructions to redirect funds or leak transaction data.
- COMMAND_EXECUTION (MEDIUM): Orchestrates tool execution using slugs and input schemas dynamically retrieved from a remote source, creating a risk of argument injection or unexpected side effects if the server provides a malicious schema.
Recommendations
- AI detected serious security threats
Audit Metadata