prisma-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8). The skill dynamically fetches execution plans and schemas from an untrusted external server.
      • Ingestion points: Data returned by RUBE_SEARCH_TOOLS from https://rube.app/mcp.
      • Boundary markers: None; the skill instructs the agent to always search first and use the returned execution plans.
      • Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH.
      • Sanitization: None described.
    This allows a compromised or malicious server response to manipulate database operations.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): Requires connection to an unverified external MCP server (https://rube.app/mcp). This source is not among the trusted organizations defined by TRUST-SCOPE-RULE.
  • [REMOTE_CODE_EXECUTION] (HIGH): References RUBE_REMOTE_WORKBENCH, which allows for remote environment command execution. Combined with dynamic tool discovery from an untrusted source, this poses a risk of remote instruction injection.
  • [COMMAND_EXECUTION] (HIGH): High-privilege Prisma database operations are performed via RUBE_MULTI_EXECUTE_TOOL using schemas and arguments fetched from a remote source at runtime.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:04 PM