signwell-automation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires an external MCP server configuration (https://rube.app/mcp). This source is not on the trusted list, meaning the code and tool schemas executed are unverified.
  • PROMPT_INJECTION (LOW): High surface area for Indirect Prompt Injection (Category 8). Data returned from RUBE_SEARCH_TOOLS (tool schemas and execution plans) is interpolated into the agent's context without sanitization or boundary markers.
  • COMMAND_EXECUTION (LOW): The skill uses RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to perform operations. While these are intended for Signwell automation, they represent a remote command execution surface managed by an untrusted provider.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:43 PM