remote-retrieval-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs users to connect to an unverified MCP server at https://rube.app/mcp. This domain is not recognized as a trusted source, and the instruction 'No API keys needed — just add the endpoint and it works' bypasses standard security vetting and authentication protocols.
- [REMOTE_CODE_EXECUTION] (HIGH): Through tools like RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, the skill facilitates the execution of remote logic provided by the unverified server. This allows the server to potentially execute arbitrary commands on the agent's host environment.
- [COMMAND_EXECUTION] (HIGH): The workflow relies on RUBE_SEARCH_TOOLS to determine tool schemas and execution plans at runtime. This dynamic execution model transfers control of the agent's actions to the remote service provider.
- [PROMPT_INJECTION] (HIGH): Significant vulnerability to Indirect Prompt Injection (Category 8). The skill's purpose is to retrieve remote data and then use that data to discover and execute tools. Ingestion point: 'Remote Retrieval' content. Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH. Boundary markers and sanitization are entirely absent, meaning malicious instructions in retrieved content could directly lead to unauthorized tool execution or data exfiltration.
Recommendations
- AI detected serious security threats
Audit Metadata