zerobounce-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill mandates the use of an external MCP server endpoint (https://rube.app/mcp) that is not within the trusted source list.
  - Evidence: 'Add https://rube.app/mcp as an MCP server in your client configuration.'
  - This configuration delegates the agent's tool definitions and execution environment to an unverified third party.
- [Indirect Prompt Injection] (HIGH): The skill creates a high-risk attack surface by instructing the agent to fetch instructions (schemas and plans) from the external Rube MCP service and execute them directly.
  - Ingestion points: RUBE_SEARCH_TOOLS retrieves schemas, plans, and 'pitfalls' from the external server.
  - Boundary markers: None. The skill explicitly tells the agent to 'Always search tools first' and 'Use exact field names and types from the search results,' creating a dependency on untrusted data for execution logic.
  - Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide the ability to execute code and perform side-effect operations based on the fetched data.
  - Sanitization: No sanitization or validation of the externally provided tool schemas or execution plans is performed before they are processed by the agent.
- [Dynamic Execution] (MEDIUM): The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to execute operations that are defined at runtime through dynamic schema discovery.
Recommendations
- AI detected serious security threats