skills/tony363/superclaude/sc-explain/Gen Agent Trust Hub

sc-explain

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from external web searches (mcp__rube__RUBE_SEARCH_TOOLS) and local code files (Read/Grep/Glob), creating a surface for indirect prompt injection where malicious instructions in the source material could influence the agent.
      • Ingestion points: mcp__rube__RUBE_SEARCH_TOOLS and local code analysis tools.
      • Boundary markers: No explicit delimiters or instruction isolation markers are defined in the skill logic.
      • Capability inventory: The skill has the ability to write to external services via mcp__rube__RUBE_MULTI_EXECUTE_TOOL.
      • Sanitization: There is no evidence of validation or filtering for ingested content.
  • [DATA_EXFILTRATION]: The skill utilizes the mcp__rube__RUBE_MULTI_EXECUTE_TOOL to post explanations and content to external platforms such as Slack, Notion, and Confluence. While this is a functional feature for collaboration, it represents a data exfiltration surface if sensitive code or documentation is inadvertently transmitted to third-party endpoints.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 01:05 PM