seismic-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill has a high-risk attack surface because it instructs the agent to ingest and follow "recommended execution plans" and tool schemas from an external source (
RUBE_SEARCH_TOOLS). - Ingestion points: Output from the
RUBE_SEARCH_TOOLScall as described inSKILL.md. - Boundary markers: Absent. The instructions tell the agent to "Always search tools first" and use the results without verification.
- Capability inventory:
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHprovide the capability to execute tool sequences and code in a remote environment. - Sanitization: Absent. The skill directs the agent to use exact field names and types from search results.
- [External Downloads] (MEDIUM): The skill requires the configuration of an external third-party MCP server (
https://rube.app/mcp). This endpoint dynamically defines the tools and behaviors available to the agent at runtime. - [Remote Code Execution] (MEDIUM): The use of
RUBE_REMOTE_WORKBENCHindicates capabilities for running remote tasks or scripts, which increases the impact if the agent follows a malicious execution plan. - [Command Execution] (MEDIUM):
RUBE_MULTI_EXECUTE_TOOLallows for the automated execution of various tools with parameters fetched dynamically from the network.
Recommendations
- AI detected serious security threats
Audit Metadata