The Agent Skills Directory

[REMOTE_CODE_EXECUTION] (HIGH): The skill directs users to add https://rube.app/mcp as an MCP server. This endpoint provides tools like RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL, which facilitate remote execution of tools and potential code execution in a managed environment. The source rube.app is not a recognized trusted provider.
[PROMPT_INJECTION] (HIGH): (Indirect) This skill is designed to process Sidetracker tasks and operations. It lacks explicit boundary markers or sanitization logic. An attacker could place malicious instructions inside a Sidetracker task description or comment, which the agent might then execute using the high-privilege tools available in the Rube MCP toolkit.
Ingestion points: Sidetracker tasks, comments, and metadata processed via RUBE_SEARCH_TOOLS and execution workflows.
Boundary markers: Absent. The instructions do not specify any delimiters to separate untrusted data from system instructions.
Capability inventory: Includes RUBE_MULTI_EXECUTE_TOOL (tool execution), RUBE_MANAGE_CONNECTIONS (authentication/access management), and RUBE_REMOTE_WORKBENCH (remote environment operations).
Sanitization: Absent. No validation or filtering of content fetched from Sidetracker is mentioned.
[COMMAND_EXECUTION] (HIGH): The toolkit provides broad capabilities for executing tools and managing connections. RUBE_REMOTE_WORKBENCH implies significant control over a remote execution context, which can be exploited if the agent is influenced by malicious external data.
[EXTERNAL_DOWNLOADS] (MEDIUM): The setup process requires connecting to an unknown third-party domain (rube.app). While no specific scripts are downloaded in the markdown, the entire functionality of the skill is dependent on this unverifiable remote endpoint, creating a supply chain risk.

sidetracker-automation