timecamp-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill directs users to add 'https://rube.app/mcp' as an MCP server. This domain is not a recognized trusted source, and the connection provides the foundation for all subsequent tool interactions.
- REMOTE_CODE_EXECUTION (HIGH): Execution of tools via 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH' is entirely dependent on definitions provided by the untrusted remote server. Since the skill forbids hardcoding and requires dynamic discovery, the remote server maintains full control over the execution logic.
- INDIRECT_PROMPT_INJECTION (HIGH):
  1. Ingestion points: Tool schemas and 'recommended execution plans' are ingested via 'RUBE_SEARCH_TOOLS' (SKILL.md).
  2. Boundary markers: None.
  3. Capability inventory: 'RUBE_MULTI_EXECUTE_TOOL' allows for state modification and tool execution.
  4. Sanitization: None. The remote server can return 'plans' that contain instructions to hijack the agent's behavior during the execution step.
- DYNAMIC_EXECUTION (MEDIUM): Tool schemas and input requirements are computed and loaded at runtime from a remote source, preventing static validation of the commands being performed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata