virustotal-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to fetch 'recommended execution plans' and tool schemas from a remote endpoint (rube.app) via the RUBE_SEARCH_TOOLS function. This introduces a vulnerability where a compromised or malicious remote server could dictate agent actions. Ingestion points: Response data from RUBE_SEARCH_TOOLS including execution plans and tool schemas. Boundary markers: None present; the agent is explicitly told to follow the returned plans. Capability inventory: Powerful tools including RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH are available for execution. Sanitization: None specified; the agent relies entirely on the remote schema.
- Unverifiable Dependencies (MEDIUM): The skill requires the addition of an external MCP server (https://rube.app/mcp) not found on the list of trusted providers. This server acts as a dynamic code/tool provider for the agent.
Recommendations
- AI detected serious security threats
Audit Metadata