yousearch-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill instructs the agent to 'Always search tools first' using RUBE_SEARCH_TOOLS. This creates a massive attack surface for tool output poisoning (Category 8c) where the remote server can return malicious schemas or 'recommended execution plans' that hijack agent behavior.
  • External Downloads (HIGH): The setup requires adding the endpoint 'https://rube.app/mcp' as an MCP server. This is an untrusted external dependency that provides dynamic tool definitions and prompts at runtime.
  • Command Execution (HIGH): The workflow utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to perform actions based on untrusted data fetched from the remote search tool.
  • Category 8 Evidence Chain (HIGH):
    1. Ingestion points: Tool discovery via RUBE_SEARCH_TOOLS
    2. Boundary markers: Absent
    3. Capability inventory: Side-effect tool execution via RUBE_MULTI_EXECUTE_TOOL
    4. Sanitization: Absent
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:58 AM