recallai-automation
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the configuration of an external MCP server at https://rube.app/mcp. This domain is not on the list of trusted providers (e.g., Anthropic, OpenAI, Microsoft), representing an unverifiable remote dependency that defines the agent's available tools.
- COMMAND_EXECUTION (MEDIUM): The skill utilizes RUBE_REMOTE_WORKBENCH, which suggests a remote environment for code or tool execution. Remote workbenches often involve elevated capabilities that could be exploited if the underlying service is compromised.
- PROMPT_INJECTION (LOW): As a tool designed to process Recallai data (meeting records), the skill is susceptible to indirect prompt injection. Malicious instructions embedded in a meeting transcript or tool discovery metadata could attempt to hijack the agent's logic during the RUBE_MULTI_EXECUTE_TOOL step.
  - Ingestion points: RUBE_SEARCH_TOOLS (tool schemas) and Recallai meeting data processed by various tool slugs.
  - Boundary markers: Absent; no instructions are provided to the agent to treat tool output or search results as untrusted data.
  - Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH, and RUBE_MANAGE_CONNECTIONS allow for complex, state-changing operations.
  - Sanitization: No sanitization or validation of dynamic tool arguments is specified before they are passed to the execution tools.
Audit Metadata