seqera-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill directs users to add an external MCP server from https://rube.app/mcp. This source is not on the trusted repository or organization list, meaning the code and tools it serves are unverified.
- REMOTE_CODE_EXECUTION (HIGH): The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to execute operations defined by the remote MCP server. Since the tool schemas and execution logic are fetched at runtime from an untrusted source, this represents a high risk of remote code execution if the server is compromised.
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). Evidence:
  - Ingestion points: RUBE_SEARCH_TOOLS fetches data from rube.app.
  - Boundary markers: None present; the agent is told to 'Always search tools first' and follow results.
  - Capability inventory: Includes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH (write/execute capability).
  - Sanitization: Absent; instructions mandate using exact field names and recommended execution plans from search results. If the search response contains malicious instructions, the agent will execute them with high-privilege tool access.
Recommendations
- AI detected serious security threats
Audit Metadata