sc-brainstorm
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- Dynamic Execution (MEDIUM): The mcp__rube__RUBE_REMOTE_WORKBENCH tool is designed to execute arbitrary Python code strings at runtime. While the example shows it being used for data analysis, this capability allows for the execution of potentially harmful scripts within the execution environment.
- Indirect Prompt Injection (LOW): The skill exhibits an attack surface for indirect prompt injection by ingesting untrusted data and passing it to an LLM.
  - Ingestion points: The skill reads external data from the local file system (e.g., /tmp/user_feedback.json).
  - Boundary markers: None. The data is interpolated directly into an LLM prompt.
  - Capability inventory: The skill can execute arbitrary Python code and interact with external APIs such as Slack, Notion, and Jira.
  - Sanitization: No sanitization or escaping is performed on the ingested data before it is sent to the LLM via invoke_llm.
Audit Metadata