timely-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires adding an untrusted external MCP server endpoint (https://rube.app/mcp).
- Evidence: The 'Setup' section instructs users to add this URL as an MCP server endpoint.
- Risk: This endpoint is not from a trusted source and the service logic is opaque, creating a dependency on an unverified third party.
- PROMPT_INJECTION (HIGH): High-risk Indirect Prompt Injection vulnerability surface (Category 8).
- Ingestion points: Data retrieved from Timely (project names, task descriptions, notes) via tool outputs.
- Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide the ability to modify data or execute operations in Timely.
- Boundary markers: None identified in the prompts; the agent is simply told to use discovered schemas.
- Sanitization: No sanitization or validation of the data retrieved from Timely is mentioned before it is used to influence further tool calls.
- Risk: An attacker could place malicious instructions in a Timely task description which, when read by the agent, could trigger unauthorized actions (e.g., deleting projects or exfiltrating data).
- PROMPT_INJECTION (MEDIUM): The skill instructs the agent to follow 'recommended execution plans' returned by the remote RUBE_SEARCH_TOOLS call. This allows the remote service to influence the agent's behavioral logic dynamically.
Recommendations
- AI detected serious security threats
Audit Metadata