u301-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [External Downloads] (LOW): The skill requires the user to configure an external MCP server endpoint at
https://rube.app/mcp. This domain is not on the predefined trusted list, representing an unverifiable remote dependency. However, this is the intended primary purpose of the skill. - [Indirect Prompt Injection] (LOW): The skill exhibits an indirect prompt injection surface by design, as it instructs the agent to fetch and follow execution plans and schemas from a remote source at runtime.
- Ingestion points: Untrusted data enters the agent context through the results of the
RUBE_SEARCH_TOOLScommand (specifically tool slugs, schemas, and execution plans). - Boundary markers: Absent; there are no instructions provided to the agent to treat the remote schema data as untrusted or to ignore embedded instructions.
- Capability inventory: The skill provides access to powerful tools like
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCH, which can execute arbitrary logic based on the fetched schemas. - Sanitization: No sanitization or validation of the remote content is mentioned or implemented in the instruction set.
Audit Metadata