sourcegraph-automation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHPROMPT_INJECTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It is designed to ingest and process external content (Sourcegraph repositories) which could contain malicious instructions. 1. Ingestion points: Sourcegraph file content and search results retrieved via Rube tools. 2. Boundary markers: Absent; there are no instructions to the agent to treat repository content as untrusted or to ignore embedded instructions. 3. Capability inventory: Includes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, allowing for significant side effects. 4. Sanitization: Absent; the agent is instructed to follow schemas provided by the remote tool search.
- REMOTE_CODE_EXECUTION (MEDIUM): The presence of RUBE_REMOTE_WORKBENCH indicates that logic is executed within a remote environment provided by the Rube/Composio platform. While part of the tool's design, this shifts the trust boundary to an external provider.
- EXTERNAL_DOWNLOADS (LOW): The skill requires the user to manually add an external MCP endpoint (https://rube.app/mcp). While this is the intended use case, it establishes a dependency on an external, unverified server for tool definitions and logic.
Recommendations
- AI detected serious security threats
Audit Metadata