tinyurl-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the user to add https://rube.app/mcp as an MCP server. This domain is not among the trusted sources and the server's security posture cannot be verified.
- REMOTE_CODE_EXECUTION (HIGH): Execution is performed via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH. This delegates control of the execution environment and logic to a remote third-party server.
- COMMAND_EXECUTION (HIGH): The tool RUBE_REMOTE_WORKBENCH is designed for bulk operations and remote execution, which could be leveraged to run unauthorized commands if the remote server is compromised or malicious.
- PROMPT_INJECTION (HIGH): The skill follows an 'Always search first' pattern where it fetches schemas and execution plans from the remote server. If the server returns malicious instructions within these schemas, the agent may execute them as part of the automated workflow. This constitutes an Indirect Prompt Injection surface where the ingestion point is SKILL.md and the capability is tool execution.
Recommendations
- AI detected serious security threats
Audit Metadata