googlesuper-automation
Warn
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the user to add an external MCP server from
https://rube.app/mcp. This introduces a remote dependency that is not from a recognized trusted organization or well-known service, meaning the tools and code served are unverifiable. - [COMMAND_EXECUTION]: The skill implements a workflow where the agent executes commands via
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHbased on schemas and plans fetched dynamically from the remote MCP server. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its reliance on remote data ingestion.
- Ingestion points: The
RUBE_SEARCH_TOOLStool fetches "recommended execution plans" and "known pitfalls" from therube.appserver. - Boundary markers: No boundary markers or "ignore embedded instructions" warnings are present to protect the agent from malicious instructions within the fetched plans.
- Capability inventory: The agent is granted the capability to execute multi-tool workflows (
RUBE_MULTI_EXECUTE_TOOL) and remote operations (RUBE_REMOTE_WORKBENCH) based on the fetched data. - Sanitization: There is no evidence of sanitization or validation of the remote execution plans before the agent processes them.
Audit Metadata