serply-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- Dynamic Execution (LOW): The skill utilizes
RUBE_REMOTE_WORKBENCHandRUBE_MULTI_EXECUTE_TOOLto perform operations. This involves running tool-based logic on an external workbench, which is the primary intended purpose but carries inherent risks associated with remote execution environments. - Unverifiable Dependencies & Remote Code Execution (LOW): The skill requires connecting to an external MCP server at
https://rube.app/mcp. As this domain is not on the trusted sources list, it is treated as an unverifiable external dependency. - Indirect Prompt Injection (LOW): The skill discovery mechanism (
RUBE_SEARCH_TOOLS) ingests external tool schemas to determine agent actions, creating an attack surface where a compromised or malicious remote server could influence agent behavior. - Ingestion points: Runtime response data from the
rubeMCP server tools. - Boundary markers: Absent; the agent is instructed to follow the discovered schemas directly without delimiters or explicit warnings.
- Capability inventory: Remote tool execution, connection management, and workbench access via
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCH. - Sanitization: No sanitization or validation of the discovered tool schemas or arguments is performed by the skill instructions.
Audit Metadata