bigpicture-io-automation
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes a dynamic discovery mechanism via
RUBE_SEARCH_TOOLSthat fetches execution plans and tool schemas from a remote service athttps://rube.app/mcp. This creates a surface for indirect prompt injection where untrusted data from the external service could potentially manipulate the agent's logic or execution steps. - Ingestion points: Results from
RUBE_SEARCH_TOOLSdefined inSKILL.md. - Boundary markers: Not present; instructions direct the agent to follow returned schemas and execution plans directly.
- Capability inventory: Includes tool execution via
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHfor Bigpicture IO operations. - Sanitization: No sanitization or validation of the remote schemas is documented in the skill.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute operations using
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHbased on schemas retrieved at runtime from an external source. - [EXTERNAL_DOWNLOADS]: The skill references an external MCP server endpoint (
https://rube.app/mcp) which is required for its core functionality and acts as a remote repository for tool configurations.
Audit Metadata