tapfiliate-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is susceptible to indirect prompt injection because it dynamically fetches tool schemas and 'recommended execution plans' from an external source. Ingestion points: Data retrieved from RUBE_SEARCH_TOOLS at rube.app directly influences agent logic. Boundary markers: Absent; the instructions explicitly tell the agent to 'Always search tools first' and use the returned input schemas without verification. Capability inventory: High-impact capabilities including RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH are available to execute commands based on the fetched data. Sanitization: No mention of validation or sanitization of the remote tool definitions.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The use of RUBE_REMOTE_WORKBENCH and the execution of tools based on remote schemas constitutes a runtime execution surface managed by an untrusted third party.
  • [EXTERNAL_DOWNLOADS] (LOW): Requires connection to an external MCP endpoint (https://rube.app/mcp) which is not a verified or trusted source per defined security guidelines.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:29 PM