twelve-data-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill instructs the user to configure an external MCP server endpoint (https://rube.app/mcp). While this is standard for MCP-based skills, rube.app is not on the list of trusted external sources.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) by design.
- Ingestion points: The agent is instructed to call RUBE_SEARCH_TOOLS, which returns 'recommended execution plans' and 'input schemas' from the external Rube server.
- Boundary markers: Absent. The instructions command the agent to 'Always search tools first' and follow the returned logic without verification.
- Capability inventory: The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, which provide significant interaction capabilities with external APIs and potentially remote execution environments.
- Sanitization: None provided. The agent is directed to trust and implement the schemas and plans returned from the network call.
Audit Metadata