wati-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill requires connection to an external MCP server at
https://rube.app/mcp. This domain is not part of the trusted organization list, making it an unverified remote dependency.\n- PROMPT_INJECTION (LOW): Category 8: Indirect Prompt Injection surface. \n - Ingestion points: The agent fetches tool schemas and execution plans dynamically from
RUBE_SEARCH_TOOLS.\n - Boundary markers: None; instructions direct the agent to follow the retrieved schemas and execution plans strictly.\n
- Capability inventory: The skill includes tools for multi-tool execution and a remote workbench (
RUBE_REMOTE_WORKBENCH).\n - Sanitization: No input validation or sanitization of the remote schema data is mentioned.\n- REMOTE_CODE_EXECUTION (LOW): The skill utilizes
RUBE_REMOTE_WORKBENCHto perform operations that are defined by the remote server's responses.
Audit Metadata