simple-analytics-automation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires connecting to an external MCP server at 'https://rube.app/mcp', which is not a trusted source. This creates a dependency on unverified third-party infrastructure.
- REMOTE_CODE_EXECUTION (HIGH): The 'RUBE_REMOTE_WORKBENCH' capability allows for the execution of complex workflows or code on a remote environment. Without verification of the remote server's security, this constitutes a significant RCE risk.
- COMMAND_EXECUTION (HIGH): 'RUBE_MULTI_EXECUTE_TOOL' permits the execution of tools based on schemas and plans retrieved dynamically from the unverified server, providing a wide surface for unauthorized command execution.
- PROMPT_INJECTION (HIGH): Category 8 (Indirect Prompt Injection): The skill ingests external data from Simple Analytics (Ingestion Point) and has high-privilege capabilities including Remote Workbench and Multi Execute (Capability Inventory). There are no delimiters or sanitization steps (Sanitization: Absent) to prevent malicious instructions embedded in the analytics data from hijacking the agent's tools.
Recommendations
- AI detected serious security threats