safetyculture-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly vulnerable to indirect prompt injection because it processes external data from the Safetyculture platform and executes tools based on that data.\n
- Ingestion points: Data returned from Safetyculture tool outputs and dynamic tool schemas fetched via
RUBE_SEARCH_TOOLS.\n - Boundary markers: Absent; the skill does not define delimiters or provide instructions to the agent to ignore embedded commands in external content.\n
- Capability inventory: Includes
RUBE_MULTI_EXECUTE_TOOLfor tool execution andRUBE_REMOTE_WORKBENCHfor bulk operations, allowing for significant state changes.\n - Sanitization: No evidence of sanitization or validation of the external content before it is used to drive agent decisions or tool arguments.\n- External Downloads (MEDIUM): The skill requires the addition of an external MCP server at
https://rube.app/mcp. This domain is not in the trusted source list, introducing a dependency on unverified remote logic.\n- Command Execution (MEDIUM): The skill relies onRUBE_MULTI_EXECUTE_TOOLto perform actions using tool slugs and schemas discovered at runtime from a remote source, which could be manipulated to execute unintended operations if the remote server or the ingested data is compromised.
Recommendations
- AI detected serious security threats
Audit Metadata