sage-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill directs users to add an external MCP server (
https://rube.app/mcp) that is not part of a trusted organization. This allows the remote server to define tool behaviors and schemas within the agent's environment. - DATA_EXFILTRATION (MEDIUM): Financial data from Sage is routed through
rube.app. Because this domain is not a trusted source, there is a risk of sensitive data exposure or unauthorized collection of accounting records during tool execution. - PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection. Ingestion points: External tool schemas and recommended execution plans are ingested from the remote server via
RUBE_SEARCH_TOOLS. Boundary markers: Absent; the instructions tell the agent to follow the search results and schemas implicitly. Capability inventory: TheRUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHtools provide significant write-access to financial data. Sanitization: Absent; the agent is instructed to use the exact field names and types returned by the untrusted search tool without validation.
Audit Metadata