better-stack-automation
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to its reliance on untrusted data processed at runtime.
- Ingestion points: The agent fetches tool slugs, input schemas, and execution plans dynamically from the
RUBE_SEARCH_TOOLScommand (SKILL.md). - Boundary markers: The instructions do not specify any delimiters or safety warnings to ignore instructions embedded within the fetched tool descriptions or schemas (SKILL.md).
- Capability inventory: The skill allows for the execution of discovered tools via
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCH, providing a path for the agent to act on injected instructions (SKILL.md). - Sanitization: No explicit validation or sanitization of the external tool metadata is present in the skill instructions.
- [EXTERNAL_DOWNLOADS]: The skill configuration requires the addition of an external MCP server at
https://rube.app/mcpto function (SKILL.md).
Audit Metadata