waiverfile-automation
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the configuration of an external MCP server at
https://rube.app/mcpto function. This server provides tool definitions and schemas dynamically at runtime from a third-party domain. - [COMMAND_EXECUTION]: The inclusion of the
RUBE_REMOTE_WORKBENCHtool indicates that the skill facilitates the execution of code or commands within a remote environment managed by the service provider. - [DATA_EXFILTRATION]: Workflow execution involves routing authentication and operational data through the
rube.appinfrastructure viaRUBE_MANAGE_CONNECTIONSandRUBE_MULTI_EXECUTE_TOOL. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface.
- Ingestion points: Data is ingested through
RUBE_SEARCH_TOOLSwhich fetches tool schemas and plans from a remote server. - Boundary markers: No instructions are provided for the agent to treat search results as untrusted or to ignore instructions embedded within the schemas.
- Capability inventory: The skill possesses high-privilege tools including
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHfor command execution. - Sanitization: No validation or sanitization of the remote tool definitions is described before execution.
Audit Metadata