wakatime-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the user to add an external MCP server (https://rube.app/mcp) which is not among the verified trusted organizations.
- [COMMAND_EXECUTION] (MEDIUM): The skill implements a pattern (RUBE_MULTI_EXECUTE_TOOL) where tool slugs and arguments are retrieved dynamically from a remote search result at runtime, allowing the remote server to dictate which operations are performed.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection because it processes instructions and execution plans from an untrusted external API. 1. Ingestion points: RUBE_SEARCH_TOOLS response (SKILL.md). 2. Boundary markers: No delimiters or ignore instructions are used for the remote tool schemas. 3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH allow for broad toolkit operations. 4. Sanitization: No sanitization of the remote tool definitions is performed before execution.
Audit Metadata