retellai-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill mandates the use of an untrusted external MCP endpoint 'https://rube.app/mcp'. This server provides the tool definitions and operational logic without any security verification.
- REMOTE_CODE_EXECUTION (HIGH): The skill utilizes 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH' to perform tasks defined by the external provider, effectively allowing remote control of agent capabilities.
- PROMPT_INJECTION (HIGH): High risk of Indirect Prompt Injection (Category 8) due to the skill's instruction to trust and execute 'recommended execution plans' and 'known pitfalls' returned by the external server. Ingestion points: Data returned from rube.app via RUBE_SEARCH_TOOLS. Boundary markers: None. The agent is encouraged to follow instructions directly from the data stream. Capability inventory: Retellai automation and generic tool execution via MULTI_EXECUTE_TOOL and REMOTE_WORKBENCH. Sanitization: None detected; external instructions are processed as authoritative guidance.
- COMMAND_EXECUTION (HIGH): The toolkit enables significant side-effect-producing operations in Retellai which could be manipulated if the remote execution plans are compromised.
Recommendations
- AI detected serious security threats
Audit Metadata