uptimerobot-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill mandates the addition of an external MCP server endpoint (https://rube.app/mcp). This source is not on the trusted list and provides executable tool capabilities to the agent, representing an unverifiable remote dependency.
- PROMPT_INJECTION (LOW): The workflow is vulnerable to indirect prompt injection because it relies on dynamic tool schemas fetched via RUBE_SEARCH_TOOLS. Evidence Chain:
  1. Ingestion points: Tool schemas and execution plans returned from the Rube MCP endpoint.
  2. Boundary markers: None; the skill instructions lack delimiters or warnings to ignore instructions embedded in the schemas.
  3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH enable execution of remote logic.
  4. Sanitization: Absent; the instructions require the agent to use exact field names and types provided by the remote server.
- COMMAND_EXECUTION (LOW): The skill facilitates the execution of remote operations through the RUBE_MULTI_EXECUTE_TOOL interface. While intended for Uptimerobot automation, the control flow and input validation are managed by the external MCP provider.
Audit Metadata