tomba-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): High risk of indirect prompt injection. Ingestion points: Data from Tomba (external leads and emails) via Rube MCP. Boundary markers: No delimiters or protective instructions are used when handling external data. Capability inventory: RUBE_MULTI_EXECUTE_TOOL provides significant write and execute permissions. Sanitization: No sanitization of ingested content before its use in tool calls.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill depends on an external, unverified MCP server endpoint at https://rube.app/mcp, which is not a pre-approved trusted source.
- [COMMAND_EXECUTION] (MEDIUM): Uses dynamic schema discovery via RUBE_SEARCH_TOOLS, allowing the agent to execute tools based on schemas fetched at runtime, which could be poisoned by an attacker-controlled discovery response.
Recommendations
- AI detected serious security threats
Audit Metadata