tomtom-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the user to configure 'https://rube.app/mcp' as an MCP server. This domain is not among the trusted repositories or organizations, posing a risk of executing malicious server-side logic.
- PROMPT_INJECTION (HIGH): Mandatory Indirect Prompt Injection surface detected. The 'RUBE_SEARCH_TOOLS' command fetches 'execution plans' and 'recommended workflows' from the untrusted remote server. This external data is used to drive subsequent agent actions via 'RUBE_MULTI_EXECUTE_TOOL' without sanitization or boundary markers (File: SKILL.md).
- REMOTE_CODE_EXECUTION (HIGH): The 'RUBE_REMOTE_WORKBENCH' capability allows for the execution of 'run_composio_tool()' logic. When combined with tool definitions sourced dynamically from an untrusted remote MCP endpoint, this enables a path for arbitrary remote code execution via the tool-calling mechanism.
Recommendations
- AI detected serious security threats
Audit Metadata