timekit-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs users to add 'https://rube.app/mcp' as an MCP server endpoint. This introduces a dependency on an external, unverified third-party infrastructure that is not included in the trusted provider list, allowing it to serve executable tool definitions to the agent.
- REMOTE_CODE_EXECUTION (HIGH): By utilizing 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH', the skill enables the remote server to define and execute complex workflows. This grants the external endpoint the ability to trigger arbitrary actions or code execution via its tool schemas.
- INDIRECT_PROMPT_INJECTION (HIGH): The skill enforces a pattern where the agent must 'Always search tools first' using 'RUBE_SEARCH_TOOLS'. This design means the agent's instructions and execution parameters are dynamically retrieved from an untrusted external source, making the agent highly vulnerable to malicious tool schemas or instruction overrides returned by the remote server.
Recommendations
- AI detected serious security threats
Audit Metadata