wit-ai-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill instructs the agent to ingest and obey instructions from an external source.
    • Ingestion point: Tool schemas and execution plans returned by RUBE_SEARCH_TOOLS (SKILL.md).
    • Boundary markers: Absent; the instructions explicitly tell the agent to search tools for 'current schemas' and follow 'recommended execution plans'.
    • Capability inventory: Powerful execute/write capabilities via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH.
    • Sanitization: Absent; the agent is told to use the exact field names and types provided by the search results.
  • External Dependency (MEDIUM): Requires a connection to a third-party MCP endpoint (https://rube.app/mcp) that is not within the trusted organization scope, posing a potential supply-chain risk.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:47 AM