typless-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill directs users to add a remote MCP server from https://rube.app/mcp which is not a verified trusted source.
- [REMOTE_CODE_EXECUTION] (HIGH): Through RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL, the skill facilitates execution of logic driven by recommended plans fetched from the remote server at runtime.
- [PROMPT_INJECTION] (HIGH): Significant surface for Indirect Prompt Injection (Category 8). Ingestion points: User-provided use cases and remote registry metadata from https://rube.app/mcp. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_MANAGE_CONNECTIONS allow modification of external Typless accounts. Boundary markers: Absent; the agent is explicitly instructed to follow remote execution plans and schemas returned by the search tool. Sanitization: None.
- [COMMAND_EXECUTION] (MEDIUM): Executes arbitrary tools with arguments derived from external search results, granting the remote server influence over agent actions.
Recommendations
- AI detected serious security threats
Audit Metadata