ring_central-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): Directs the user to add an untrusted MCP server endpoint (https://rube.app/mcp) that is not part of the verified trusted source list.
- [REMOTE_CODE_EXECUTION] (HIGH): Includes the RUBE_REMOTE_WORKBENCH tool, which is described as executing bulk operations and data processing using ThreadPoolExecutor, facilitating remote logic or code execution.
- [PROMPT_INJECTION] (HIGH): High vulnerability to Indirect Prompt Injection (Category 8). The skill requires the agent to call RUBE_SEARCH_TOOLS and follow the execution plans and schemas returned by the external service. An attacker controlling the Rube API could manipulate the agent's behavior.
  (1) Ingestion points: RUBE_SEARCH_TOOLS and RUBE_GET_TOOL_SCHEMAS responses.
  (2) Boundary markers: Absent; the agent is instructed to follow returned plans.
  (3) Capability inventory: RUBE_MULTI_EXECUTE_TOOL (write/execute), RUBE_REMOTE_WORKBENCH (execute), RUBE_MANAGE_CONNECTIONS (auth/privilege).
  (4) Sanitization: None documented.
Recommendations
- AI detected serious security threats
Audit Metadata