refiner-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill instructions require adding an MCP server from
https://rube.app/mcp. This domain is not included in the list of trusted organizations, representing an external dependency on an unverified source. - PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection via its dynamic tool discovery workflow. 1. Ingestion points: Tool schemas and execution plans are ingested from the external Rube MCP server via
RUBE_SEARCH_TOOLS. 2. Boundary markers: Absent; the agent is instructed to follow the discovered schemas directly. 3. Capability inventory: The agent can execute arbitrary tools viaRUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCH. 4. Sanitization: No sanitization or validation of the externally provided tool schemas is performed before execution.
Audit Metadata