rkvst-automation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION

Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs users to register an external MCP server at 'https://rube.app/mcp'. This domain is not an authorized or trusted source, posing a risk of untrusted tool definitions.
  • REMOTE_CODE_EXECUTION (MEDIUM): The use of 'RUBE_REMOTE_WORKBENCH' with 'run_composio_tool()' facilitates remote logic execution, which inherits the security posture of the Rube/Composio backend.
  • DYNAMIC_EXECUTION (MEDIUM): Tool schemas and execution plans are fetched at runtime via 'RUBE_SEARCH_TOOLS'. Executing logic based on these dynamically retrieved and unverified schemas is a high-risk pattern.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill is vulnerable to poisoned data from the external MCP server.
      • Ingestion point: 'RUBE_SEARCH_TOOLS' response in SKILL.md.
      • Boundary markers: Absent.
      • Capability inventory: Subprocess-like execution via 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH'.
      • Sanitization: Absent.
    The agent relies on external tool slugs and schemas to perform its primary function.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:51 PM