radar-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the user to add an MCP server from an untrusted endpoint (https://rube.app/mcp). This source is not on the trusted list, allowing a third party to control the tool definitions and logic provided to the agent.
- REMOTE_CODE_EXECUTION (HIGH): The inclusion of RUBE_REMOTE_WORKBENCH indicates a high-privilege capability for executing code in a remote environment, which bypasses local security boundaries and can lead to unauthorized system access.
- COMMAND_EXECUTION (MEDIUM): The skill orchestrates multi-tool execution (RUBE_MULTI_EXECUTE_TOOL) based on dynamically retrieved schemas, which increases the complexity and potential for unauthorized action if the remote schemas are compromised.
- PROMPT_INJECTION (HIGH): This skill is highly susceptible to indirect prompt injection. It mandates fetching 'recommended execution plans' and 'tool schemas' from a remote source (RUBE_SEARCH_TOOLS) and following them without sanitization. (Evidence: Ingestion point: RUBE_SEARCH_TOOLS response; Boundary markers: Absent; Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH; Sanitization: Absent).
Recommendations
- AI detected serious security threats
Audit Metadata