instacart-automation
Warn
Audited by Snyk on Jun 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill requires adding and calling the remote MCP endpoint https://rube.app/mcp at runtime (via RUBE_SEARCH_TOOLS, RUBE_MANAGE_CONNECTIONS, RUBE_MULTI_EXECUTE_TOOL) to fetch tool schemas and recommended execution plans that directly control agent behavior and trigger remote tool execution, so this external URL is a runtime dependency that can control prompts/execute code.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is a specialized Instacart toolkit integration (not a generic browser or HTTP tool). It requires an active "instacart" connection and instructs discovery and execution of toolkit tools via RUBE_MULTI_EXECUTE_TOOL — which, in the context of an Instacart toolkit, can include placing orders, performing checkout, and other commerce actions that result in payments. Although no specific payment gateway names (Stripe/PayPal/etc.) are listed, the skill is explicitly designed to automate a commercial ordering platform and therefore can directly execute financial transactions on behalf of a user. This meets the "specific tool for moving money" criterion rather than a generic capability.
Issues (2)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata