synthflow-ai-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs users to add an MCP server from 'https://rube.app/mcp', which is an untrusted external source not included in the trust list.
- REMOTE_CODE_EXECUTION (HIGH): By adding the remote server, the agent is permitted to execute tools defined by that server, including high-privilege functions like 'RUBE_REMOTE_WORKBENCH'.
- PROMPT_INJECTION (HIGH): The skill is vulnerable to indirect prompt injection via 'RUBE_SEARCH_TOOLS'. Evidence chain: (1) Ingestion point: output from search tools; (2) Boundary markers: none present; (3) Capability inventory: 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH'; (4) Sanitization: none.
- COMMAND_EXECUTION (HIGH): The 'RUBE_REMOTE_WORKBENCH' tool enables complex remote execution and script-like behaviors orchestrated by the untrusted server.
Recommendations
- AI detected serious security threats
Audit Metadata