raisely-automation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires connection to an external MCP server located at
https://rube.app/mcp. This domain is not within the trusted source list. The server acts as a remote dependency that defines the available tools and logic for the agent. - [INDIRECT PROMPT INJECTION] (HIGH): This skill exhibits a significant attack surface for indirect injection.
- Ingestion points: Data enters via
RUBE_SEARCH_TOOLS, which provides "tool slugs, input schemas, recommended execution plans, and known pitfalls" from the external server. - Boundary markers: None. There are no instructions to sanitize or validate the schemas/plans returned by the server.
- Capability inventory: The skill possesses high-privilege capabilities including
RUBE_MULTI_EXECUTE_TOOL(execution of actions on Raisely) andRUBE_REMOTE_WORKBENCH(remote code environment). - Sanitization: None detected. The agent is instructed to "Always call RUBE_SEARCH_TOOLS first" and use the exact results for execution.
- [REMOTE_CODE_EXECUTION] (HIGH): The inclusion of
RUBE_REMOTE_WORKBENCHwith the functionrun_composio_tool()suggests the ability to execute code or complex logic in a remote environment managed by the untrustedrube.appendpoint. - [COMMAND_EXECUTION] (HIGH): Through
RUBE_MULTI_EXECUTE_TOOL, the agent can be manipulated into executing arbitrary tool commands if the external schema provider returns malicious tool definitions.
Recommendations
- AI detected serious security threats
Audit Metadata