worksnaps-automation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill requires the user to add a third-party MCP server at https://rube.app/mcp. This domain is not included in the trusted source list provided in the security skill documentation, representing an external dependency.
  • [PROMPT_INJECTION] (LOW): The skill possesses a surface for Indirect Prompt Injection (Category 8). Evidence:
    1. Ingestion points: The skill ingests untrusted data from the RUBE_SEARCH_TOOLS command, which fetches tool schemas and plans from a remote source.
    2. Boundary markers: No delimiters or ignore instructions are specified for the tool discovery results.
    3. Capability inventory: The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to execute logic based on the remote data.
    4. Sanitization: No sanitization or validation of the remote tool definitions is mentioned.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:41 PM