twocaptcha-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): Directs users to add an untrusted external MCP server endpoint (https://rube.app/mcp). This domain is not on the list of trusted providers, posing a risk to the integrity of tool definitions and logic.
  • [COMMAND_EXECUTION] (HIGH): Facilitates arbitrary tool execution through RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH. These capabilities present a large attack surface when coupled with dynamic data.
  • [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8).
      1. Ingestion points: Results and metadata from Twocaptcha operations.
      2. Boundary markers: Absent; no instructions provided to ignore embedded commands in captcha data.
      3. Capability inventory: Significant execution capability via RUBE_MULTI_EXECUTE_TOOL.
      4. Sanitization: None; tool outputs are used directly to drive agent workflows.
  • [DYNAMIC_EXECUTION] (MEDIUM): The workflow requires runtime discovery of tool slugs and schemas via RUBE_SEARCH_TOOLS. If the discovery service provides malicious schemas, it could lead to the execution of unintended commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:13 AM