supportbee-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates a high-risk attack surface by processing untrusted data (Supportbee tickets/customer messages) while maintaining write/execute capabilities.
  - Ingestion points: External content enters the agent context through `RUBE_SEARCH_TOOLS` and tool output results from Supportbee.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the skill.
  - Capability inventory: The skill utilizes `RUBE_MULTI_EXECUTE_TOOL` for writing/modifying data and `RUBE_REMOTE_WORKBENCH` for potentially arbitrary remote execution.
  - Sanitization: No evidence of input validation or output escaping for external content.
- Unverifiable Dependencies & Remote Code Execution (HIGH): The skill relies on an external, untrusted endpoint, https://rube.app/mcp, as its primary infrastructure.
  - Remote execution: Uses `RUBE_REMOTE_WORKBENCH`, which facilitates execution in a remote environment managed by an untrusted third party.
  - Dynamic execution: The agent is explicitly instructed to 'Always search first' and use discovered tool schemas, meaning the remote server can inject new tools or modify execution logic at runtime without local verification.
- Privilege Escalation (MEDIUM): The `RUBE_REMOTE_WORKBENCH` capability provides an execution context that may have broader permissions than the agent's local environment, potentially allowing for sandbox escapes or broader network access.
Recommendations
- AI detected serious security threats
Audit Metadata