rootly-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs users to configure 'https://rube.app/mcp' as an MCP server. This domain and service provider are not on the trusted organizations list provided in the security guidelines.
- PROMPT_INJECTION (LOW): Indirect prompt injection surface (Category 8). The workflow relies on fetching dynamic tool schemas and execution plans from an external provider and acting upon them.
  - Ingestion points: Data returned from the RUBE_SEARCH_TOOLS endpoint.
  - Boundary markers: Absent; the agent is explicitly told to follow the returned schemas and plans.
  - Capability inventory: RUBE_MULTI_EXECUTE_TOOL allows the agent to perform actions within the Rootly platform.
  - Sanitization: Absent; the skill does not specify any validation or filtering of the schemas retrieved at runtime.
- REMOTE_CODE_EXECUTION (SAFE): No direct shell script execution or remote code downloading (e.g., via curl|bash) is explicitly present in the skill markdown.
Audit Metadata