leadfeeder-automation
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the configuration of an external MCP server at https://rube.app/mcp. This endpoint provides the core logic and tool schemas necessary for the skill's operation.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its reliance on dynamically discovered tool schemas and execution plans. Instructions for tool execution are derived directly from the output of the RUBE_SEARCH_TOOLS command.
  - Ingestion points: Data enters the agent context through the responses of RUBE_SEARCH_TOOLS and RUBE_GET_TOOL_SCHEMAS in SKILL.md.
  - Boundary markers: There are no defined delimiters or specific instructions to the agent to disregard potentially malicious commands embedded within the fetched tool metadata.
  - Capability inventory: The skill uses RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, which are capable of executing various automated actions and scripts based on the ingested schemas.
  - Sanitization: The instructions do not prescribe any validation, escaping, or filtering of the content returned by the external MCP server before it is used to formulate tool calls.
Audit Metadata