superchat-automation

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
  • [External Reference] (LOW): The skill instructs users to configure an external MCP server endpoint (https://rube.app/mcp). This domain is not part of the trusted source list. While common for MCP-based skills, it introduces a dependency on third-party infrastructure for tool definitions.
  • [Indirect Prompt Injection] (LOW): The skill design relies on dynamic tool discovery, which creates an ingestion surface for untrusted data.
      • Ingestion points: Tool schemas, slugs, and execution plans returned by the RUBE_SEARCH_TOOLS function at runtime.
      • Boundary markers: Absent. The instructions explicitly tell the agent to use 'exact field names' from search results without verification.
      • Capability inventory: The RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH functions provide significant operational capabilities, including remote execution of tasks.
      • Sanitization: Absent. There are no instructions to validate or sanitize the schemas provided by the remote server before they are used to generate execution arguments.
  • [No Code] (SAFE): The skill consists entirely of Markdown documentation and configuration instructions. It does not package any scripts or binary files, reducing the risk of direct malicious code execution from the skill package itself.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 01:44 AM