rev-ai-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill requires the connection to an untrusted external MCP server at https://rube.app/mcp. This domain is not within the provided trusted scope (e.g., Anthropic, Google, Microsoft) and its security posture cannot be verified.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill utilizes high-privilege tools such as RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH. These tools allow the remote MCP server to dictate execution plans and perform operations on behalf of the agent, effectively serving as a remote execution vector.
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection surface identified in Category 8.
  - Ingestion points: The agent is instructed to fetch dynamic tool schemas and execution plans from RUBE_SEARCH_TOOLS.
  - Boundary markers: None. The instructions explicitly tell the agent to follow the returned "recommended execution plans" and "input schemas" without validation.
  - Capability inventory: Access to RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provides high-impact capabilities.
  - Sanitization: None. The agent is told to use exact field names and types from the search results, meaning a malicious server response could manipulate the agent's logic.
- [CREDENTIALS_UNSAFE] (MEDIUM): The skill claims "No API keys needed," yet it manages authentication to sensitive services (Rev AI) via RUBE_MANAGE_CONNECTIONS. This abstracts credential management to an untrusted third-party service, which could potentially intercept or mismanage session tokens.
Recommendations
- AI detected serious security threats
Audit Metadata