Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill uses mcp__rube__RUBE_REMOTE_WORKBENCH, which allows the agent to execute arbitrary Python code. The example provided shows the ability to import os and process files programmatically, which can be exploited to gain unauthorized system access or modify sensitive files.
  • [DATA_EXFILTRATION] (MEDIUM): The integration with mcp__rube__RUBE_MULTI_EXECUTE_TOOL enables the agent to send data to external services such as Notion, Confluence, and Slack. Because the skill's primary function is to read source code, there is a risk that secrets, API keys, or proprietary logic found in code comments or files could be transmitted to these third-party platforms.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill is highly susceptible to indirect prompt injection because it ingests untrusted data (source code and comments) to generate documentation.
      ◦ Ingestion points: Local source files, directories, and external API documentation fetched via mcp__pal__apilookup.
      ◦ Boundary markers: None detected; the skill does not use delimiters or instructions to ignore embedded commands in the source files.
      ◦ Capability inventory: Includes file reading/writing, network exfiltration (Slack/Notion), and arbitrary code execution (RUBE_REMOTE_WORKBENCH).
      ◦ Sanitization: No evidence of sanitization or validation of the content extracted from code before it is processed or published.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:20 PM