streamtime-automation

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs the user to add 'https://rube.app/mcp' as an MCP server. This domain is not on the trusted sources list, making any logic or tools it provides unverified.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill utilizes 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH' to execute logic provided by the remote MCP server. This allows for arbitrary remote tool execution within the agent's environment.
  • [COMMAND_EXECUTION] (HIGH): The core functionality involves executing complex workflows and 'Streamtime operations' which have direct side effects on external accounts and data.
  • [PROMPT_INJECTION] (HIGH): Significant Indirect Prompt Injection surface. The agent is instructed to 'Always search tools first' via 'RUBE_SEARCH_TOOLS', which returns schemas and 'recommended execution plans' from an untrusted remote source. This data is used to construct and execute commands without sanitization or boundary markers.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 12:24 AM