sap-successfactors-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [Unverifiable Dependencies] (HIGH): Requires the addition of an external MCP server endpoint (https://rube.app/mcp) that is not on the trusted source list. Adding untrusted MCP servers allows them to receive the agent's context and perform actions on the user's behalf.
- [Indirect Prompt Injection] (HIGH): The skill is designed to process external data from SAP SuccessFactors and has high-privilege capabilities.
  1. Ingestion points: Data retrieved from SAP SuccessFactors via tools.
  2. Boundary markers: No delimiters or instructions to ignore embedded commands are specified in SKILL.md.
  3. Capability inventory: Includes RUBE_MULTI_EXECUTE_TOOL for execution and RUBE_REMOTE_WORKBENCH for remote task processing.
  4. Sanitization: No sanitization logic is provided to handle potentially malicious instructions within employee records or data fields.
- [Dynamic Execution] (MEDIUM): The workflow relies on RUBE_SEARCH_TOOLS to dynamically discover tool schemas and RUBE_REMOTE_WORKBENCH to run tools in a remote environment, which could lead to arbitrary execution if the discovery service or processed data is compromised.
Recommendations
- AI detected serious security threats
Audit Metadata