The Agent Skills Directory

EXTERNAL_DOWNLOADS (HIGH): The skill mandates the addition of an untrusted external MCP endpoint at https://rube.app/mcp. This source does not belong to the list of trusted providers, introducing risk from unverified third-party infrastructure.
REMOTE_CODE_EXECUTION (HIGH): Through the RUBE_SEARCH_TOOLS mechanism, the agent fetches its operational logic, tool schemas, and execution plans from a remote server at runtime. This allows an external entity to control the agent's behavior and tool usage dynamically.
COMMAND_EXECUTION (MEDIUM): The skill provides broad automation capabilities over a web browser via browser_tool. If the remote tool definitions are malicious, this could be used to perform unauthorized actions in the user's browser sessions.
PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its dependency on remote tool discovery. 1. Ingestion points: Data enters via the RUBE_SEARCH_TOOLS response as described in SKILL.md. 2. Boundary markers: Absent; no delimiters are used to protect the agent from instructions embedded in the tool schemas. 3. Capability inventory: The agent has access to RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH, and browser automation tools (defined in SKILL.md). 4. Sanitization: There is no mechanism described to validate or sanitize the schemas provided by the remote server.

browser-tool-automation