veo-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the user to add an external MCP endpoint, https://rube.app/mcp. This domain is not included in the Trusted External Sources list. External MCP servers can serve malicious tool definitions or capture sensitive context sent during tool calls.
- REMOTE_CODE_EXECUTION (MEDIUM): By design, the skill uses `RUBE_MULTI_EXECUTE_TOOL` to run functionality hosted on a remote server. This allows for the execution of logic controlled by an external entity, which can be updated or changed without the user's knowledge.
- DYNAMIC_EXECUTION (MEDIUM): The workflow mandates calling `RUBE_SEARCH_TOOLS` to discover tool schemas at runtime before execution. This dynamic assembly of execution parameters (`tool_slug`, `arguments`) from remote data is a form of dynamic loading that could be exploited to redirect the agent to unintended tools.
- INDIRECT_PROMPT_INJECTION (LOW): The skill is vulnerable to tool output poisoning.
  - Ingestion points: Data returned from `RUBE_SEARCH_TOOLS`, including 'recommended execution plans' and 'schemas'.
  - Boundary markers: Absent. The skill does not instruct the agent to ignore or delimit instructions found within the tool discovery data.
  - Capability inventory: Significant capabilities are exposed via `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` (bulk operations).
  - Sanitization: None. The skill relies on 'exact field names' from the remote source without local validation.
Audit Metadata