serpdog-automation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (LOW): The skill demonstrates a clear indirect prompt injection surface. It retrieves tool schemas and execution logic from the Rube MCP server (RUBE_SEARCH_TOOLS) and is instructed to execute them directly via RUBE_MULTI_EXECUTE_TOOL. Evidence chain:
    1. Ingestion points: Data returned from RUBE_SEARCH_TOOLS (tool schemas, execution plans, pitfalls).
    2. Boundary markers: Absent; the agent is instructed to follow the returned execution plans directly.
    3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide significant capabilities for tool execution and remote operations.
    4. Sanitization: Absent; no mention of validating or sanitizing the retrieved schemas or plans.
  • EXTERNAL_DOWNLOADS (LOW): The skill directs users to configure an external, non-trusted MCP server at https://rube.app/mcp. While this is a standard configuration for MCP-based agents, it establishes a dependency on an unverified third-party endpoint not listed in the trusted sources.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:48 PM