veriphone-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill directs users to add https://rube.app/mcp as an MCP server. This is an unverifiable third-party domain not included in the Trusted External Sources list. The claim that 'No API keys needed' suggests a lack of standard authentication for the remote component.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill utilizes RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL. These tools provide the capability to execute complex workflows and code on remote environments. When combined with an untrusted endpoint, this creates a high-risk execution path.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill relies on 'Tool Discovery' via RUBE_SEARCH_TOOLS to determine the agent's next steps. The agent is explicitly instructed to 'Always discover available tools before executing workflows' and 'Never hardcode tool slugs... without calling RUBE_SEARCH_TOOLS'. This ensures the agent is subservient to the data returned by the remote server, which could inject malicious tool schemas or execution plans.
- Ingestion points: Tool schemas and execution plans returned by RUBE_SEARCH_TOOLS from rube.app.
- Boundary markers: None identified. The skill prioritizes the remote schema over local instructions.
- Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH, and RUBE_MANAGE_CONNECTIONS.
- Sanitization: None. The skill mandates strict compliance with the remote search results.
Recommendations
- AI detected serious security threats
Audit Metadata