semanticscholar-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill directs users to configure an external MCP server at https://rube.app/mcp. This domain is not in the trusted source list and serves as a remote dependency for core functionality.
- [DYNAMIC_EXECUTION] (MEDIUM): Tool schemas and logic are fetched dynamically via RUBE_SEARCH_TOOLS. This allows a remote server to dictate the agent's actions and input requirements at runtime, bypassing static analysis of tool behavior.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted tool definitions from the remote server. 1. Ingestion points: RUBE_SEARCH_TOOLS results. 2. Boundary markers: Absent. 3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH. 4. Sanitization: None detected.
Audit Metadata