sendbird-ai-chabot-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill provides tools such as RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, enabling the agent to perform complex operations within the Sendbird ecosystem.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Users are directed to add an external third-party MCP server (https://rube.app/mcp), which introduces dependency on an external provider.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). 1. Ingestion points: Data entering from Sendbird AI Chabot chat messages. 2. Boundary markers: Absent; no delimiters are used to separate chat data from instructions. 3. Capability inventory: Execution of high-privilege tool slugs via RUBE_MULTI_EXECUTE_TOOL. 4. Sanitization: Absent; no validation or escaping of external content is defined.
Recommendations
- AI detected serious security threats
Audit Metadata