simplesat-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill utilizes dynamic tool discovery via
RUBE_SEARCH_TOOLSto determine execution plans and input schemas at runtime. This creates a surface where a compromised or malicious remote server could influence agent behavior. - Ingestion points: Output from
RUBE_SEARCH_TOOLSandRUBE_GET_TOOL_SCHEMAS(external API). - Boundary markers: Absent; the instructions direct the agent to follow returned schemas and execution plans without explicit sanitization steps.
- Capability inventory:
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCH(arbitrary tool execution based on remote data). - Sanitization: Not present; the skill assumes trust in the tool definitions provided by the MCP endpoint.
- [Unverifiable Dependency] (LOW): The skill requires connection to an external MCP server (
https://rube.app/mcp) which is not on the established trusted source list. Per the risk assessment for the skill's primary purpose, this is considered low risk but noteworthy as the agent depends on this external domain for its core logic.
Audit Metadata