printautopilot-automation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill mandates the addition of an untrusted third-party MCP server at
https://rube.app/mcp. This server is not within the trusted source scope, presenting a risk of interacting with an unverified remote entity. - [REMOTE_CODE_EXECUTION] (HIGH): The workflow is designed to fetch "recommended execution plans" from the remote server via
RUBE_SEARCH_TOOLSand implement them using the agent's tools. This creates a direct channel for a remote server to dictate agent behavior and operations. - [COMMAND_EXECUTION] (HIGH): The
RUBE_MULTI_EXECUTE_TOOLcapability executes arbitrary tools based on schemas retrieved dynamically from the remote server, which could lead to unauthorized API or system operations if the remote schemas are malicious. - [PROMPT_INJECTION] (HIGH): The skill possesses a high-severity vulnerability surface for Indirect Prompt Injection:
- Ingestion points: Data enters the context from
rube.appvia theRUBE_SEARCH_TOOLSfunction which provides tool schemas and execution plans. - Boundary markers: Absent; the skill instructs the agent to "Always search tools first" and adhere to the returned schemas and plans without verification.
- Capability inventory: Broad execution capabilities are available through
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCH. - Sanitization: No evidence of input validation, schema verification, or instruction filtering is present for the remote content before execution.
Recommendations
- AI detected serious security threats
Audit Metadata