starton-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Remote Code Execution (HIGH): The skill requires adding an unverified external MCP server (https://rube.app/mcp) to the agent configuration. This endpoint defines the tools and execution logic available to the agent, effectively allowing a remote third party to inject capabilities.
- Indirect Prompt Injection (HIGH): Vulnerability surface identified in the tool discovery and execution workflow.
  - Ingestion points: SKILL.md (via tool outputs from RUBE_SEARCH_TOOLS fetched from rube.app).
  - Boundary markers: Absent. The instructions explicitly direct the agent to 'Always search tools first' and follow the 'recommended execution plans' and 'schemas' returned by the remote server.
  - Capability inventory: Includes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, which facilitate blockchain operations on the Starton network.
  - Sanitization: None detected. The agent is not instructed to validate the safety or integrity of the remote schemas before execution.
- Command Execution (MEDIUM): The skill facilitates the execution of high-privilege blockchain operations using parameters dynamically retrieved from a remote source, lacking static constraints or local safety validation.
Recommendations
- AI detected serious security threats
Audit Metadata