poptin-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill requires the configuration of an external MCP server endpoint (
https://rube.app/mcp). This domain is not within the defined trusted sources, meaning the tools and logic it provides are unverifiable. - [REMOTE_CODE_EXECUTION] (HIGH): The skill utilizes high-privilege tools such as
RUBE_REMOTE_WORKBENCHandRUBE_MULTI_EXECUTE_TOOL. These allow for arbitrary tool execution and remote workbench operations based on schemas provided by the untrusted external server. - [PROMPT_INJECTION] (HIGH): This skill is highly vulnerable to Indirect Prompt Injection (Category 8). It explicitly instructs the agent to 'Always search tools first' and follow the 'recommended execution plans' returned by the remote server.
- Ingestion points: Data returned from
RUBE_SEARCH_TOOLS(external server response). - Boundary markers: Absent; the agent is told to use the returned data to form its execution strategy directly.
- Capability inventory: Includes multi-tool execution, connection management, and remote workbench access (
SKILL.md). - Sanitization: None; the instructions prioritize schema compliance over safety validation of the remote content.
Recommendations
- AI detected serious security threats
Audit Metadata