servicem8-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the user to add an untrusted external MCP endpoint at https://rube.app/mcp. This domain is not part of the established trusted organizations or repositories list. This finding is mitigated to LOW for the final verdict as it is the primary intended function of the skill.
- [PROMPT_INJECTION] (LOW): The skill exhibits a surface for Indirect Prompt Injection (Category 8). 1. Ingestion points: External data enters the agent context via RUBE_SEARCH_TOOLS (SKILL.md). 2. Boundary markers: Absent. No instructions are provided to the agent to ignore instructions embedded in the external discovery output. 3. Capability inventory: The skill can perform state-changing operations via RUBE_MULTI_EXECUTE_TOOL. 4. Sanitization: Absent. There is no requirement for the agent to sanitize or validate schemas returned by the untrusted discovery service.
Audit Metadata