wachete-automation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill requires the configuration of an external MCP server at 'https://rube.app/mcp'. While this is standard for MCP-based skills, it establishes a network dependency on a non-whitelisted third-party domain.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). It instructs the agent to dynamically fetch tool schemas and execution plans via 'RUBE_SEARCH_TOOLS' and execute them.
  • Ingestion points: Data returned from the 'RUBE_SEARCH_TOOLS' call.
  • Boundary markers: None specified in the prompt instructions to delineate untrusted tool schemas from system instructions.
  • Capability inventory: Includes 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH', allowing for complex remote operations based on fetched data.
  • Sanitization: No validation or sanitization of the fetched tool schemas is performed before use.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:38 PM