googlesuper-automation

Warn

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the user to add an external MCP server from https://rube.app/mcp. This introduces a remote dependency that is not from a recognized trusted organization or well-known service, meaning the tools and code served are unverifiable.
  • [COMMAND_EXECUTION]: The skill implements a workflow where the agent executes commands via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH based on schemas and plans fetched dynamically from the remote MCP server.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its reliance on remote data ingestion.
  • Ingestion points: The RUBE_SEARCH_TOOLS tool fetches "recommended execution plans" and "known pitfalls" from the rube.app server.
  • Boundary markers: No boundary markers or "ignore embedded instructions" warnings are present to protect the agent from malicious instructions within the fetched plans.
  • Capability inventory: The agent is granted the capability to execute multi-tool workflows (RUBE_MULTI_EXECUTE_TOOL) and remote operations (RUBE_REMOTE_WORKBENCH) based on the fetched data.
  • Sanitization: There is no evidence of sanitization or validation of the remote execution plans before the agent processes them.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 26, 2026, 06:22 PM
Security Audit — agent-trust-hub — googlesuper-automation