typefully-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): Requires connection to an external MCP server endpoint at 'https://rube.app/mcp'. This domain is not among the trusted sources, requiring users to verify the provider independently.
- [REMOTE_CODE_EXECUTION] (MEDIUM): Employs 'RUBE_REMOTE_WORKBENCH' to run tools on a remote workbench environment, which introduces risk if the third-party platform is compromised.
- [COMMAND_EXECUTION] (LOW): Uses 'RUBE_MULTI_EXECUTE_TOOL' for performing automated tasks via discovered tool slugs.
- [PROMPT_INJECTION] (LOW): Susceptible to Indirect Prompt Injection (Category 8).
  - Ingestion points: Tool schemas and execution plans are fetched from the remote server via 'RUBE_SEARCH_TOOLS' as described in SKILL.md.
  - Boundary markers: Absent; the agent is instructed to follow the server-provided schemas directly without secondary validation.
  - Capability inventory: Includes remote tool execution and workbench access via 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH'.
  - Sanitization: No explicit sanitization or validation of the remote tool output is described.
Audit Metadata